scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-29 17:32:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Renamed basic event to error event for the sake of the logic.

Browse Source 
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2022-03-13 03:08:44 +01:00
parent ed1647b944
commit daaaa61519
40 changed files with 11771 additions and 11771 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -344,7 +344,7 @@ install(FILES examples/py-schema-validation/py-schema-validation.py
install(FILES examples/py-semantic-validation/py-semantic-validation.py
DESTINATION bin RENAME nDPIsrvd-semantic-validation.py
PERMISSIONS OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install(FILES schema/basic_event_schema.json schema/daemon_event_schema.json
install(FILES schema/error_event_schema.json schema/daemon_event_schema.json
schema/flow_event_schema.json schema/packet_event_schema.json DESTINATION share/nDPId)
message(STATUS "--------------------------")

8
dependencies/nDPIsrvd.py vendored
View File

@@ -459,7 +459,7 @@ def validateAddress(args):
return address
global schema
schema = {'packet_event_schema' : None, 'basic_event_schema' : None, 'daemon_event_schema' : None, 'flow_event_schema' : None}
schema = {'packet_event_schema' : None, 'error_event_schema' : None, 'daemon_event_schema' : None, 'flow_event_schema' : None}
def initSchemaValidator(schema_dirs=[]):
if len(schema_dirs) == 0:
@@ -486,11 +486,11 @@ def validateAgainstSchema(json_dict):
except AttributeError:
jsonschema.validate(instance=json_dict, schema=schema['packet_event_schema'])
return True
if 'basic_event_id' in json_dict:
if 'error_event_id' in json_dict:
try:
jsonschema.Draft7Validator(schema=schema['basic_event_schema']).validate(instance=json_dict)
jsonschema.Draft7Validator(schema=schema['error_event_schema']).validate(instance=json_dict)
except AttributeError:
jsonschema.validate(instance=json_dict, schema=schema['basic_event_schema'])
jsonschema.validate(instance=json_dict, schema=schema['error_event_schema'])
return True
if 'daemon_event_id' in json_dict:
try:

2
examples/py-flow-dashboard/flow-dash.py
View File

@@ -62,7 +62,7 @@ def nDPIsrvd_worker_onJsonLineRecvd(json_dict, instance, current_flow, global_us
shared_flow_dict['total-events'] += 1
shared_flow_dict['total-json-bytes'] = nsock.received_bytes
if 'basic_event_name' in json_dict:
if 'error_event_name' in json_dict:
shared_flow_dict['total-base-events'] += 1
if 'daemon_event_name' in json_dict:

6
examples/py-flow-info/flow-info.py
View File

@@ -276,10 +276,10 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
prettifyEvent(color, 15, 'DAEMON-EVENT'), daemon_msg))
stats.printStatus()
return True
if 'basic_event_id' in json_dict:
if 'error_event_id' in json_dict:
print('{}{}{} {}: {}'.format(timestamp, basic_daemon_event_prefix, instance_and_source,
prettifyEvent([TermColor.FAIL, TermColor.BLINK], 15, 'BASIC-EVENT'),
json_dict['basic_event_name']))
prettifyEvent([TermColor.FAIL, TermColor.BLINK], 15, 'ERROR-EVENT'),
json_dict['error_event_name']))
stats.printStatus()
return True
elif 'flow_event_id' not in json_dict:

2
examples/py-semantic-validation/py-semantic-validation.py
View File

@@ -143,7 +143,7 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
td = instance.getThreadDataFromJSON(json_dict)
for event_name in ['basic_event_name', 'daemon_event_name',
for event_name in ['error_event_name', 'daemon_event_name',
'packet_event_name', 'flow_event_name']:
if event_name in json_dict and json_dict[event_name].lower() == 'invalid':
raise SemanticValidationException(current_flow,

190
nDPId.c
View File

@@ -275,9 +275,9 @@ enum flow_event
FLOW_EVENT_COUNT
};
enum basic_event
enum error_event
{
BASIC_EVENT_INVALID = 0,
ERROR_EVENT_INVALID = 0,
UNKNOWN_DATALINK_LAYER,
UNKNOWN_L3_PROTOCOL,
@@ -297,7 +297,7 @@ enum basic_event
MAX_FLOW_TO_TRACK,
FLOW_MEMORY_ALLOCATION_FAILED,
BASIC_EVENT_COUNT
ERROR_EVENT_COUNT
};
enum daemon_event
@@ -327,8 +327,8 @@ static char const * const flow_event_name_table[FLOW_EVENT_COUNT] = {[FLOW_EVENT
[FLOW_EVENT_DETECTED] = "detected",
[FLOW_EVENT_DETECTION_UPDATE] = "detection-update",
[FLOW_EVENT_NOT_DETECTED] = "not-detected"};
static char const * const basic_event_name_table[BASIC_EVENT_COUNT] = {
[BASIC_EVENT_INVALID] = "invalid",
static char const * const error_event_name_table[ERROR_EVENT_COUNT] = {
[ERROR_EVENT_INVALID] = "invalid",
[UNKNOWN_DATALINK_LAYER] = "Unknown datalink layer packet",
[UNKNOWN_L3_PROTOCOL] = "Unknown L3 protocol",
[UNSUPPORTED_DATALINK_LAYER] = "Unsupported datalink layer",
@@ -2539,7 +2539,7 @@ static void internal_format_error(ndpi_serializer * const serializer, char const
ndpi_reset_serializer(serializer);
}
static void vjsonize_basic_eventf(struct nDPId_reader_thread * const reader_thread, char const * format, va_list ap)
static void vjsonize_error_eventf(struct nDPId_reader_thread * const reader_thread, char const * format, va_list ap)
{
uint8_t got_jsonkey = 0;
uint8_t is_long_long = 0;
@@ -2679,23 +2679,23 @@ static void vjsonize_basic_eventf(struct nDPId_reader_thread * const reader_thre
}
}
__attribute__((format(printf, 3, 4))) static void jsonize_basic_eventf(struct nDPId_reader_thread * const reader_thread,
enum basic_event event,
__attribute__((format(printf, 3, 4))) static void jsonize_error_eventf(struct nDPId_reader_thread * const reader_thread,
enum error_event event,
char const * format,
...)
{
struct nDPId_workflow * const workflow = reader_thread->workflow;
va_list ap;
char const ev[] = "basic_event_name";
char const ev[] = "error_event_name";
ndpi_serialize_string_int32(&reader_thread->workflow->ndpi_serializer, "basic_event_id", event);
if (event > BASIC_EVENT_INVALID && event < BASIC_EVENT_COUNT)
ndpi_serialize_string_int32(&reader_thread->workflow->ndpi_serializer, "error_event_id", event);
if (event > ERROR_EVENT_INVALID && event < ERROR_EVENT_COUNT)
{
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, basic_event_name_table[event]);
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, error_event_name_table[event]);
}
else
{
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, basic_event_name_table[BASIC_EVENT_INVALID]);
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, error_event_name_table[ERROR_EVENT_INVALID]);
}
ndpi_serialize_string_int32(&reader_thread->workflow->ndpi_serializer,
"datalink",
@@ -2715,7 +2715,7 @@ __attribute__((format(printf, 3, 4))) static void jsonize_basic_eventf(struct nD
if (format != NULL)
{
va_start(ap, format);
vjsonize_basic_eventf(reader_thread, format, ap);
vjsonize_error_eventf(reader_thread, format, ap);
va_end(ap);
}
@@ -2838,12 +2838,12 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
else
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
UNKNOWN_DATALINK_LAYER,
"%s%u",
"layer_type",
ntohl(*((uint32_t *)&packet[eth_offset])));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
*ip_offset = sizeof(dlt_hdr) + eth_offset;
@@ -2853,14 +2853,14 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
if (header->caplen < sizeof(struct ndpi_chdlc))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_chdlc));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -2873,14 +2873,14 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_PPP:
if (header->caplen < sizeof(struct ndpi_chdlc))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_chdlc));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -2899,9 +2899,9 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_LINUX_SLL:
if (header->caplen < 16)
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
jsonize_error_eventf(
reader_thread, PACKET_TOO_SHORT, "%s%u %s%u", "size", header->caplen, "expected", 16);
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -2912,14 +2912,14 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
if (header->caplen < sizeof(struct ndpi_radiotap_header))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_radiotap_header));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -2930,21 +2930,21 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
/* Check Bad FCS presence */
if ((radiotap->flags & BAD_FCS) == BAD_FCS)
{
jsonize_error_eventf(reader_thread, PACKET_HEADER_INVALID, "%s%s", "reason", "Bad FCS presence");
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_HEADER_INVALID, "%s%s", "reason", "Bad FCS presence");
return 1;
}
if (header->caplen < (eth_offset + radio_len + sizeof(struct ndpi_wifi_header)))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(eth_offset + radio_len + sizeof(struct ndpi_wifi_header)));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -2986,20 +2986,20 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
break;
}
case DLT_RAW:
jsonize_error_eventf(reader_thread, UNSUPPORTED_DATALINK_LAYER, NULL);
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, UNSUPPORTED_DATALINK_LAYER, NULL);
return 1;
case DLT_EN10MB:
if (header->caplen < sizeof(struct ndpi_ethhdr))
{
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -3012,15 +3012,15 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
if (header->caplen < sizeof(struct ndpi_ethhdr) + 20 /* sizeof(Ethernet/DCE-header) */)
{
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + 2);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
ethernet = (struct ndpi_ethhdr *)&packet[eth_offset + 20];
@@ -3033,15 +3033,15 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
{
if (header->caplen < sizeof(struct ndpi_ethhdr) + 4 /* sizeof(802.1Q-header) */)
{
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + 4);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
*layer3_type = ntohs(*(uint16_t *)&packet[*ip_offset + 2]);
@@ -3053,30 +3053,30 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case ETH_P_IP: /* IPv4 */
if (header->caplen < sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_iphdr))
{
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
IP4_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_iphdr));
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
break;
case ETH_P_IPV6: /* IPV6 */
if (header->caplen < sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_ipv6hdr))
{
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
IP6_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
sizeof(struct ndpi_ethhdr) + sizeof(struct ndpi_ipv6hdr));
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
break;
@@ -3085,9 +3085,9 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case ETH_P_ARP: /* ARP */
return 1;
default:
jsonize_error_eventf(reader_thread, PACKET_TYPE_UNKNOWN, "%s%u", "layer_type", *layer3_type);
jsonize_packet_event(
reader_thread, header, packet, *layer3_type, *ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, PACKET_TYPE_UNKNOWN, "%s%u", "layer_type", *layer3_type);
return 1;
}
break;
@@ -3105,9 +3105,9 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
case DLT_DSA_TAG_EDSA:
return 1;
default:
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
jsonize_error_eventf(
reader_thread, UNKNOWN_DATALINK_LAYER, "%s%u", "layer_type", ntohl(*((uint32_t *)&packet[eth_offset])));
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
}
@@ -3259,8 +3259,8 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_error_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
}
return;
}
@@ -3272,14 +3272,14 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE,
"%s%u %s%u",
"size",
header->caplen,
"expected",
header->len);
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
}
}
@@ -3291,14 +3291,14 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
IP4_SIZE_SMALLER_THAN_HEADER,
"%s%u %s%zu",
"size",
ip_size,
"expected",
sizeof(*ip));
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -3310,9 +3310,9 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
jsonize_error_eventf(
reader_thread, IP4_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -3328,14 +3328,14 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
IP6_SIZE_SMALLER_THAN_HEADER,
"%s%u %s%zu",
"size",
ip_size,
"expected",
sizeof(ip6->ip6_hdr));
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -3346,9 +3346,9 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
jsonize_error_eventf(
reader_thread, IP6_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -3376,8 +3376,8 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_error_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
}
return;
}
@@ -3391,6 +3391,13 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_error_eventf(reader_thread,
TCP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_tcphdr));
jsonize_packet_event(reader_thread,
header,
packet,
@@ -3400,13 +3407,6 @@ static void ndpi_process_packet(uint8_t * const args,
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
TCP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_tcphdr));
}
return;
}
@@ -3425,6 +3425,13 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (distribute_single_packet(reader_thread) != 0)
{
jsonize_error_eventf(reader_thread,
UDP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_udphdr));
jsonize_packet_event(reader_thread,
header,
packet,
@@ -3434,13 +3441,6 @@ static void ndpi_process_packet(uint8_t * const args,
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
UDP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_udphdr));
}
return;
}
@@ -3553,6 +3553,11 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL)
{
jsonize_error_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
"%s%zu",
"size",
sizeof(struct nDPId_flow_skipped));
jsonize_packet_event(reader_thread,
header,
packet,
@@ -3562,11 +3567,6 @@ static void ndpi_process_packet(uint8_t * const args,
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
"%s%zu",
"size",
sizeof(struct nDPId_flow_skipped));
}
return;
}
@@ -3577,6 +3577,11 @@ static void ndpi_process_packet(uint8_t * const args,
{
if (add_new_flow(workflow, &flow_basic, FS_SKIPPED, hashed_index) == NULL)
{
jsonize_error_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
"%s%zu",
"size",
sizeof(struct nDPId_flow_skipped));
jsonize_packet_event(reader_thread,
header,
packet,
@@ -3586,11 +3591,6 @@ static void ndpi_process_packet(uint8_t * const args,
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
FLOW_MEMORY_ALLOCATION_FAILED,
"%s%zu",
"size",
sizeof(struct nDPId_flow_skipped));
}
return;
}
@@ -3602,16 +3602,7 @@ static void ndpi_process_packet(uint8_t * const args,
{
workflow->max_flow_to_track_reached = 1;
jsonize_packet_event(reader_thread,
header,
packet,
type,
ip_offset,
(l4_ptr - packet),
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
jsonize_error_eventf(reader_thread,
MAX_FLOW_TO_TRACK,
"%s%llu %s%llu %s%llu %s%llu",
"current_active",
@@ -3622,6 +3613,15 @@ static void ndpi_process_packet(uint8_t * const args,
workflow->max_active_flows,
"max_idle",
workflow->max_idle_flows);
jsonize_packet_event(reader_thread,
header,
packet,
type,
ip_offset,
(l4_ptr - packet),
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
}
return;
}
@@ -3634,6 +3634,8 @@ static void ndpi_process_packet(uint8_t * const args,
{
workflow->flow_allocation_already_failed = 1;
jsonize_error_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
jsonize_packet_event(reader_thread,
header,
packet,
@@ -3643,8 +3645,6 @@ static void ndpi_process_packet(uint8_t * const args,
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
}
return;
}
@@ -3655,10 +3655,10 @@ static void ndpi_process_packet(uint8_t * const args,
if (alloc_detection_data(flow_to_process) != 0)
{
jsonize_error_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
jsonize_packet_event(
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
return;
}

20
schema/basic_event_schema.json → schema/error_event_schema.json
View File

@@ -4,14 +4,14 @@
"alias",
"source",
"packet_id",
"basic_event_id",
"basic_event_name",
"error_event_id",
"error_event_name",
"datalink",
"global_ts_msec"
],
"if": {
"properties": { "basic_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } }
"properties": { "error_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } }
},
"then": {
"anyOf": [
@@ -21,7 +21,7 @@
},
"if": {
"properties": { "basic_event_name": { "enum": [ "Unknown L3 protocol" ] } }
"properties": { "error_event_name": { "enum": [ "Unknown L3 protocol" ] } }
},
"then": {
"anyOf": [
@@ -31,7 +31,7 @@
},
"if": {
"properties": { "basic_event_name": { "enum": [ "Packet too short", "IP4 packet too short",
"properties": { "error_event_name": { "enum": [ "Packet too short", "IP4 packet too short",
"IP6 packet too short", "TCP packet smaller than expected",
"UDP packet smaller than expected",
"Captured packet size is smaller than expected packet size" ] } }
@@ -44,7 +44,7 @@
},
"if": {
"properties": { "basic_event_name": { "enum": [ "Packet header invalid" ] } }
"properties": { "error_event_name": { "enum": [ "Packet header invalid" ] } }
},
"then": {
"anyOf": [
@@ -54,14 +54,14 @@
},
"if": {
"properties": { "basic_event_name": { "enum": [ "Flow memory allocation failed" ] } }
"properties": { "error_event_name": { "enum": [ "Flow memory allocation failed" ] } }
},
"then": {
"required": [ "thread_id", "size" ]
},
"if": {
"properties": { "basic_event_name": { "enum": [ "Max flows to track reached" ] } }
"properties": { "error_event_name": { "enum": [ "Max flows to track reached" ] } }
},
"then": {
"required": [ "thread_id", "current_active", "current_idle", "max_active", "max_idle" ]
@@ -81,12 +81,12 @@
"type": "number",
"minimum": 0
},
"basic_event_id": {
"error_event_id": {
"type": "number",
"minimum": 0,
"maximum": 16
},
"basic_event_name": {
"error_event_name": {
"type": "string",
"enum": [
"Unknown datalink layer packet",

12
test/results/4in4tunnel.pcap.out
View File

@@ -1,19 +1,19 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1537044271794}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537044271794}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537044271794}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1537058551803}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537058551803}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537058551803}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1537082929816}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537082929816}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537082929816}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1537138237839}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537138237839}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537138237839}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":14,"global_ts_msec":1537165843864}
00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537165843864}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537165843864}
00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":17,"global_ts_msec":1537165843864}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5/0
@@ -29,4 +29,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 192 chars
~~ json string max len.......: 496 chars
~~ json string avg len.......: 344 chars
~~ json string avg len.......: 343 chars

4
test/results/BGP_redist.pcap.out
View File

@@ -1,7 +1,7 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1256636836167}
00187{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167}
00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00187{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
@@ -21,4 +21,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 192 chars
~~ json string max len.......: 679 chars
~~ json string avg len.......: 427 chars
~~ json string avg len.......: 426 chars

24
test/results/ajp.pcap.out
View File

@@ -3,37 +3,37 @@
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447}
00380{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584448}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584448}
00199{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584448}
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584448}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584618}
00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584618}
00199{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584618}
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584618}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":39,"global_ts_msec":1505154584618}

10
test/results/alexa-app.pcapng.out
View File

@@ -1,9 +1,9 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1490976022526}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490976022731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
@@ -207,8 +207,8 @@
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976043617}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976043612,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00190{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976043617}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -310,8 +310,8 @@
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00190{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976048429,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00190{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="}
@@ -548,8 +548,8 @@
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"}
00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
00191{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976094725,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729}
01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="}

876
test/results/anydesk-2.pcap.out
View File

File diff suppressed because one or more lines are too long

200
test/results/badpackets.pcap.out
View File

@@ -1,206 +1,206 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1495451029466}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_msec":1495451029466}
00627{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_msec":1495451029466}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451030401}
00671{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451030401}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_msec":1495451039146}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_msec":1495451039146}
00231{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_msec":1495451051753}
00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00231{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_msec":1495451051753}
00204{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_msec":1495451051753}
00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_msec":1495451051753}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_msec":1495451098935}
00633{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/u8gAOcRvDSDTlH+zLpQ5QA1ofQGuiMOhg6FkwABAAAADAABDG5jYjFzZHYwMDcyMQNkaXICYWQDZGxhA21pbAAAAQABwCAABgABAAAAmQAtCGVhZ2xlaWIxwB0LcmFuZHkuc21pdGjAIHeyKSsAACowAAAEOAAJOoAAAAOEwCAALgABAAAAmQCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwq3LEc5Fr"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_msec":1495451098935}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451112063}
00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1QgADURSISMrBHtzLpQ5QA1RHoMIdhWPYOEEAABAA0ABAANCGVkZ2UtaGRxA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgAf19hoQ062mEgmdReiMHoN\/8sTkGCL+YszFpFSC7g="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451112063}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_msec":1495451113347}
00939{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":503,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAAgADIR1DehNyACzLpQ5QA1P3oNZUi5Fp+EEAABAA8ABAANA3d3dwRzd3BjBG5vYWEDZ292AAABAAHADAAFAAEAAVGAAA8IZWRnZS1ud3MDd29jwBXADAAuAAEAAVGAASEABQUEAAFRgFkri7dZIlE3vjIEc3dwYwRub2FhA2dvdgAj4QRDWjZKG5AY0wcqp07zy2N5LWrEg0t\/4W81\/I\/yU9kryWY5M6hQke0XIJhE4dUH120W7nAkWxQJVaZyLoMQin38ZiK2SNs\/MeioL4jAC1CzjiZ9JGBmrvUXfwx4WjCIZO3AWpZFqZpBYNrilA5xXqA6vClBMfN6kWmnwyqYMUdmG8SPzKDGLoKCurB88lxuBmDxFiEc7IRKwyXcJ47WkYAmncTdtBPbcng8wUk\/OSHputwVXEiz+4Hi1YSwyaZ\/bR92tO2XAf2y65TJB549EX80zlNliCWrbo6CKiF1dSuOYR0v1cuBHf05mH4wAy8XKl6vLSm5lJ0SyJmHuu8SwC8ABQABAAABLAAMB2VkZ2UtcDEBbMBhwC8ALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_msec":1495451113347}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_msec":1495451113448}
00748{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":363,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAEgADIR1DahNyACzLpQ5QA1FAoM2VerW6eEEAABAAYABAANA3d3dwNvcGMEbmNlcARub2FhA2dvdgAAAQABwAwABQABAAABLAAJBm9yaWdpbsAQwAwALgABAAABLAEhAAUFBQAAASxZK4tpWSJQ6VBkBG5jZXAEbm9hYQNnb3YAvM3K1OBR2VQQj4QVOGZxr6WG5B4+fABWkfGP1KGkGFsR4zOi7Eo7vmr2TJiaR66HfSMoitVNm4kwmQeusE1J+sPLARPh02h5Z1H+HsQ2b48KB6bVXbum1BeZX4yX1eoeScXJkBrFAe8F6pDF+Ml8UnuCbXzf+\/NtRUw9ZGk\/b8n+GLS5YEkLV6tINZ1NF7znVhYpo87DIH1d72melFmv8f65eH1mu6AzkUXSI502HCpox0\/KLdxxAP64c2LL03iQVYlgYQmiBnMT8YejrLi9PuDdsHa5wauH"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_msec":1495451113448}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_msec":1495451113710}
01868{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_msec":1495451113710}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_msec":1495451113809}
00802{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_msec":1495451113809}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_msec":1495451113881}
00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_msec":1495451113881}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_msec":1495451113881}
00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_msec":1495451113881}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451113931}
00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451113931}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451113931}
00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451113931}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451113998}
01872{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs9cgADgR3VKMWiHtzLpQ5QA1zoEKT2TtZcOEEAABAAIABAANA2xiMwRub2RjBG5vYWEDZ292AAABAAHADAABAAEAAAJYAASMWusrwAwALgABAAACWAEhAAEFBAAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAhdURPDXBvcbzg1l\/P4qdc3ehRb89ofPJw8vL9RtggwAs8+7Az1qJ5M1Ux+8oZ8zHN5D0+c3BNJjQUPVveXspLDCZdxRFo+1RK\/tIlQre9Z6oXyBunsD3VON8J6JqaO9QLW\/+N+v0+3k4JQ9jEXRD+gylLnNEC4jSZM\/eEVcWh8\/Z\/hQiQb73n\/IE05pfqtTEC1C28x4rjMLnWyPcsUNmAQ1wIIVqzpP6A5VTnvp4RsDzlI9MxhvYxC13eFkguAyj4PpKGJ96o+9WpCrhjrZ5Qe97GjxQ4mnxF+La4DD1K7LlHpU2xfdLMaXTNnb3xrtp8tFG6AyME9mAN3ydsa2necBRAAIAAQAAAlgACAVucy1td8BWwFEAAgABAAACWAAHBG5zLWXAVsBRAAIAAQAAAlgACAVucy1ud8BWwFEALgABAAACWAEhAAIFAwAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAPu1CKNIp6mLVE1SewqKYDKAuMQAxscJGLV3f6RN5\/1\/zVgPiH7\/AAxiJPf5SqJZzB9ypQ5Q0SJU+u+qo4UNT2A9ZikHLsvZpu3XY7qllQDLKzFsdAlym\/205od0dRRYpJQQB+XO+nZdpRMc7hCOpc4LOfHHMxA20k1GcxwGN4I6+Yn7DCzd2AzmEcNA6sRAh18oRWpULvUa3Zs5aU9AnCawyL0iB3kXc34Hs5uavwPC1Ojau\/6b8vUkP2tuAEGoEy3ndP2uce\/kL5JrjxLYplDVGCuFeAhL5JD4BC1aJIZENCvxRzhQduD0s4HR+6oKQ1lWxPgH7SZ2ACg0k6rI408GAAAEAAQABUYAABIxaIe3BgAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wWwAAQABAAFRgAAEjKwR7cFsABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsGAAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwYAALgABAAFRgAE="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451113998}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_msec":1495451114040}
01865{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1kgADURSH+MrBHtzLpQ5QA18VcKSC9N\/PmEEAABAAIABAANC2Zsb29kc2FmZXR5BG5vYWEDZ292AAABAAHADAABAAEAAAEsAASMWnHIwAwALgABAAABLAEcAAEFAwAAASxZK4t9WSJQ\/T5zBG5vYWEDZ292AI8NxE24xoB5Eg9dMdW2i2Wbnp7WAjJSEPfx6q6WNvQlvElWxcN5ImSIEBkCrx36XB+4y7FQRSHAcJfGmrEujeIG4vm2iak4\/iZ8q6dmad9UZqsYw7xMfUiMET9ynUM9tfbf26FoVrC7jqPoXd\/CLZ2MXGmkMAEGsqydhYm\/5Owhr1bdMagm+9i4eFaCOhOwLA5ytPfBpqddYO4P6KxfzWofdME7xL026plG7g0aOG4GcHKq2yCkGN\/td2KW3STw7Yn3EkgDcCQ9GkTH0mNpchsIxkxjSxGtSeHI3BNNToabK8Bt8I+qEmB2t+Dviv1HzjwGjXetcCij9X+FGH0VoGjAVAACAAEAAVGAAAgFbnMtbXfAVMBUAAIAAQABUYAACAVucy1ud8BUwFQAAgABAAFRgAAHBG5zLWXAVMBUAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBagABAAEAAVGAAASMrBHtwWoAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8F+AAEAAQABUYAABKE3IALBfgAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_msec":1495451114040}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451114042}
01871{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ogADURSH6MrBHtzLpQ5QA13wAKT4pfTrqEEAABAAIABAANA3ZsYgRuY2RjBG5vYWEDZ292AAABAAHADAABAAEAAA4QAATNpxlkwAwALgABAAAOEAEhAAEFBAAADhBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAX+ROMTDmu2LvY14SfjFGvi3WEW6+STJjZDx4ISbi+8Up66dG\/bw1go3rWtgRYv32inrUxVD+E4qN4O65GyWgncqxzNBHyqogKfZU9dx9y+PqIoQ+ar6wCBaZMeRlZ2H\/KAZm9VZJdIYSfT7rg8tylzg1ByKUx\/dM58k4tzq01zWfvvdDqlgyS\/7dfwH3Cx0Q3tKk8RttgwJo0iMxQWM\/AbIcQHtWikYNLoiBlgpKokdUg9fvMXVaU6C7Dli78cCopcGhFjDJKTKGsg8VZwPKF9jhIvdYxA+Q0I24PRjdqFWpLctR\/ZrlwtAdX59WvQRCsyLHS7xFl+DxalLuB\/SgjMBRAAIAAQABUYAABwRucy1lwFbAUQACAAEAAVGAAAgFbnMtbXfAVsBRAAIAAQABUYAACAVucy1ud8BWwFEALgABAAFRgAEhAAIFAwABUYBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAmWRe9VtNaGu5X49TFlABbU\/pql1LRAtlNRRYPZA76YNivdumGQu4wVgBmCm+hYA4u\/HWo\/sXy+OjhkGg69foZAZZApULWjIwIoUuPmRWXN7SuPsCbcxc2lz03QGkeHWcv53g7lGYu11y+pQHMJSB5g8OgwFH1IpZebWevGbH01CETWP8X15qQ1Si4Mg+CLVxJUTEjQ+X3iu+vEJrye6jYg4+V8n1uXRhP1XaMIy9guTSW+vZMz5uu3LssrCEsl8FV2QPvYCNY6ShsKFc9MUOedVXQ3fLqRmhLx+5ICURO9pKmtWRUtZLxMAKiuJMWwbJBHU0oQ\/4Oz18pihCuPdUXcFsAAEAAQABUYAABIxaIe3BbAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wX8AAQABAAFRgAAEjKwR7cF\/ABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFsAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwWwALgABAAFRgAE="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451114042}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114337}
00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW14gADURSHqMrBHtzLpQ5QA1cdYMIeseCHyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114337}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114364}
00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAogADIR1C2hNyACzLpQ5QA1Q\/EMIbPPgtyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114364}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_msec":1495451114389}
01865{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1190,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA0gADIR1CqhNyACzLpQ5QA1Q5YKTHldtTaEEAABAAIABAANA3d3dwtyaXBjdXJyZW50cwRub2FhA2dvdgAAAQABwAwAAQABAAABLAAEjFpxyMAMAC4AAQAAASwBHAABBQQAAAEsWSuLfVkiUP0+cwRub2FhA2dvdgBux3u1kqhoa2542f5VfZyNoS158qaQHxQC5yl\/X1HYHlN9OKFD2TTtS4MZKS2ZLbvQB5eqC\/5Riya4tMHEv+9kjK+XtBF7Rj7yVxMulYYVKJY1yrzk9A\/DMfiIWTmC3qviPxuqYkAT5W+fAOD4Nsy\/5JE6hIu89v+rqG\/Z8kfURtGsfsnMCQfSTMP2AXbh6JHaVQaDQaVNy0gDeBqDP1Owy3kJn4t100KGsy2p4xGQ0JUhkDuTy2t3fY6FBUSyoy0avo4Kb7JFJHys5VrqR44WISsO3GrLnTJtfVwBE9Pr\/BpNps2Jko7Ht0KLwUiDWgVCGdLvJTwQLCElPL9pPjkswFgAAgABAAFRgAAHBG5zLWXAWMBYAAIAAQABUYAACAVucy1ud8BYwFgAAgABAAFRgAAIBW5zLW13wFjAWAAuAAEAAVGAARwAAgUCAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAf\/8QzlfEZQAnNLSTcUvmCrC0kDgUG5OjS7EGRt2A04zt4irIeyHC6osOrjnO0mi7POpvn\/5DB0LJFuhEDphBwzJ26jfSEDBkE+MLAW0a0JsI7TN12lSH8NkEWBI+HZ0Umpv1z0m6EejPf4Thj1REmf7kOlqhc2yeXz1HHqyJRv5GKGbsL5WTfXlqZiNrr2VRCaDc81x1RVcXvoMs0Nn1\/Qn821OuMK2syrFePONAMQ5\/UvI0oI0+8KwNXwG1GNTdWdfDA3D18ArIDTOOUgkwNxkeC2RuatMH2YUbLy0zFup8WkH7qYby1i0eJBYsOrrH2IXG8cntxoeFnWcLLqlMtcFuAAEAAQABUYAABIxaIe3BbgAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wZUAAQABAAFRgAAEjKwR7cGVABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBgQABAAEAAVGAAAShNyACwYEAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFuAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwW4ALgABAAFRgAE="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_msec":1495451114389}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114409}
00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA4gADIR1CmhNyACzLpQ5QA1XMQMIcjtVOuEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114409}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451114477}
00936{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2EgADURSHeMrBHtzLpQ5QA1hSENY4PPmWmEEAABAA8ABAANA3d3dwRnb2VzBG5vYWEDZ292AAABAAHADAAFAAEAAVGAABILZWRnZS1uZXNkaXMDd29jwBXADAAuAAEAAVGAARwABQUEAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAmB+rNTTf9y2fL9huXtwXacy3dpdAU\/FF66y0T2Abh4gJ4oqoROLCskJvvn3j9VXRYvVuHgr\/e97Co5990baGGvZb+DvhgSBtQA0XDhAbhT4IGku7L7hKoOqCPzJ2xMN4lERF15hNGRqg\/cT5v5CgilDGweZpWDYW20FvCYF4m8AGKWztxWEdpdH2c13sLamLNmDpbsiDeUYVinK+o0nUucS9JVb7qjOM60ITS257sC9GnrEJqXc7E0PqTUPhbrT8oM6CmNCpuj24P56BqqMr1XKbdWFuIo37YO1g0eKMEI09l2QWTwRGahH71x3X3yh\/Irc0cgLSM9Wcphsq4AONbsAvAAUAAQAAASwADAdlZGdlLXAxAWzAX8AvAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAHVR1NQXRWlbpbPXbpQ4K7jGWLXOoK18x\/MZgCtt9"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451114477}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451114592}
00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451114592}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451114592}
00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451114592}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350,"global_ts_msec":1495451120530}
00775{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":384,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvvQgADsRTzWcmpGtzLpQ5QA1p0MHJt5xE1qEAAABAAgAAAABA3VubwAAMAABwAwAMAABAAAcIACIAQADCAMBAAG4yfLJ+odI0NYhmvuEYusTX3PMFSgpFuzmz0UAbcsB7BQkNbURzRziXs3Eo+Y4VAvQbBXZ7ZrIhm7e5Kv05B9ITQPXR8mAKN+eP4XS24qX5yxLTJr1BHYcwjbMHD11lKYei8h3x0IL84h+CJR9MkSjpkX65W1xs0ZDKrBsVj+sP8AMADAAAQAAHCABCAEBAwgDAQAB7AsXAeKN3QmGY7+Xpe0mfMtRzSIrdueZqhbVPuuuqzzkGlfKN+qx6PtpXxVkUMnMYiEn3FO6H3aNHnpkDL273LzrNhBMH62l5Tf14gZ7\/YEClmhlbBKDGSaiQipf0qYB+3KlSnlFkNTZQTPpSS2skfRrrwaSrIFrBnPy65VNup0b0nKjYyVw623MNxZMGgFjsX8veogoAKeS"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350,"global_ts_msec":1495451120530}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725,"global_ts_msec":1495451125221}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":759,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcooIgADMRE+aBBg0DzLpQ5QA1SmkInV2uJjOEEAABAAMABAANA3d3dgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEGDiyjMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFNKgRuaXN0A2dvdgBIYUso1Tbe3YPWKI6pKsnK39L0ZR+Wo84lp69g80vFD15mFzrNg7EcUCLsnkMlQJbHqK3QN0QeDzdgWJzEtkF4C3gfcuiYqpNzLzSbOaI8qMLYR3iAIZ82fx0LiQg0fj\/UhXahd9c0eXrYwc69KuT3ZZpBmxsvQGSbA79dTk2IcMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFp9QRuaXN0A2dvdgB2VIO3XeASYXoMskLY5BdTHuMWk0C0lo9NqfSeSNpiocAUe4wjG0pSKGWTvO9v14o3ES1dQF\/lRDDzLvndMmBTSk8OUc6DZkYg\/xkANFcnfu1rJX71cI8qZoMAtFPuJG+OdrjwY3UO+gUW81AuHH3Rvj37sLrgU6NYwdvHL8cSF8D0AAIAAQAABwgABgNnZWHA9MD0AAIAAQAABwgABgNiZWHA9MD0AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHAAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725,"global_ts_msec":1495451125221}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_msec":1495451143643}
00602{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":253,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcix5gAPYRtKqAcIEPzLpQ5QA1PwIGo6sTVh2EEAABAAEABgAPBmdpdmluZwlwcmluY2V0b24DZWR1AAABAAEGZ2l2aW5nCVByaW5jZXRvbgNFRFUAAAEAAQAAqMAABEtlhE3ALQACAAEAAqMAAA0FYWRuczEEdWNzY8AdwC0AAgABAAKjAAAYBWF1dGgyA2Rucwhjb2dlbnRjbwNjb20AwC0AAgABAAKjAAALCGRpa2FoYmxlwC3ALQACAAEAAqMAAAgFYXV0aDHAdcAtAAIAAQACowAACAVhZG5zMsBcwC0AAgABAAKjAAAGAw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_msec":1495451143643}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_msec":1495451144693}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc8l4gADcRrZWY2AelzLpQ5QA1QFwLtGqgHLSEAAABAAIABQAQAnNhBHd3dzQDaXJzA2dvdg=="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_msec":1495451144693}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_msec":1495451150025}
01407{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":850,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcp70gADMRDquBBg0DzLpQ5QA1tIMI+JbQPi6EEAABAAMABQANBG5pc3QEdGltZQNnb3YAAAEAAcAMAAUAAQAABwgAEAR0aW1lA2dsYgRuaXN0wBbADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRnjJkEdGltZQNnb3YAqr9jxTZXybcXnuCzjwFwvmFI+Ze7+m+rSWmDSn1MGMydCqolZgbVKJgNgG1S4zXIK8pdBL562Arwa55agW7HdTeBY84CmqWupq562AYDen9j\/fcu4j8dUrr0Np5qd65iLfnFlqyyY1lwhO5MLHlBGeFoLloqXXTeoUcgip7f3svADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRno1UEdGltZQNnb3YA1mVm7+rmIQsKL0j8gZgmJcKynM3ZMQd2XdMAq44akLYox+waENon7a\/NmZaeWbIVHTDHZNuDBA9d3DqfTwZmq6tNJfokzKjG5g+KihH2Xa4Kp9wiLwRswtv6QxM2Qg5XcrAKw8x7jBKYqECsGcjybhwp76K9osOWdUlx9tS+dNnAMAACAAEAAAcIAAcEZ3RtZ8A0wDAAAgABAAAHCAAHBGd0bWLANCBWQ0xEQlZEM045OVFSSElHTFY5UVFBRkUxRFU3UEJOTMA0ADIAAQAAASwAHwEAAAoCf28U+zG4nx40du+nR\/TU4M0oy+4k6+cAASDBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/TSoEbmlzdANnb3YAin87ubwH5bbudTk+e+xAakiTfHLL5BNm7U1T7Tp5nwZ+YiMNjXALwdG0Rzv41sO6d6JzvqGjEvTLlZHOxMvzh5qOOCQ5pTDJOeqLshIcRoXLTP+W5JHoo22\/LNWmDP4Sejibo\/ExdMmbbKksTx5XkoOuibEJlXT+CgT9AZmeMRTBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/afUEbmlzdANnb3YACfYO\/o1yNCznWcx+k3iT2eRehKQYOK+FNHFc5RmDgi0nh2MAeCXjMinIJ79YtQqPSh00E\/qkzv0dT8zKvlO44sNJMgS8x9irpUURGpmdOjra2Peut2w6hiAF+w=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_msec":1495451150025}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_msec":1495451210064}
01389{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":830,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":830,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZ2IgADgRNxXOg9J2zLpQ5QA17oYI5FghcmaEEAABAAMABgANBnN1cnZleQhzYWZlbGl0ZQNjb20AAAEAAcAMAAEAAQAAcIAABM6D1BvADAAuAAEAAHCAAKAAAQUDAABwgFknjltZIkdgNvwIc2FmZWxpdGUDY29tAHe+sxe671rWzIUuSmcuIX5JDt2N6FBy\/TemnpDPfETG94sVtxgFhyH+9XDJ8vfBDApGjbQsaNpmhYgJ2jGuM6aa11KsYrpTFxQi3Mq4Mwmb85sg1M7tWwMA\/a9WEJvxthxxgFLD9e7N14XoZuciOXyDRzakdNxJe0xON4TdbMVJwAwALgABAABwgACgAAEFAwAAcIBZJ45bWSJHYFgXCHNhZmVsaXRlA2NvbQDY7GqPPxR3njuOxu6CCj1boxBl0v+KT3lL29Er72LdcsNtFbp2T5f6Lq+bUDJ6aGZ\/GGcJlbZVeSixgLiHv\/3WIrKbFRcxzmntMnI1WXDaq+hOKYUph2hgpvcyTFEbaygdhl5BdaaPauPAfweczJEJCc6TxoWZ0SzqEG1+NouhyMD\/AAIAAQAAcIAABwRuczAzwP\/A\/wACAAEAAHCAAAcEbnMwMcD\/wP8AAgABAABwgAAHBG5zMDLA\/8D\/AAIAAQAAcIAABwRuczA0wP\/A\/wAuAAEAAHCAAKAAAgUCAABwgFknVclZIgjZNvwIc2FmZWxpdGUDY29tAE+K9vCahuql+Dus\/olbzgxR6+xtIAxjgCV7w4P+TDgF96\/wvufu2LlMtgwWwEYPqWlh\/QSV3c3y2mgUeKsDgKDUKBPY4oAN1Ii5SdYXKnxedkDm6CDq2YBIJ\/f3K2Jens9\/DIVOgUFp+Zi9a7TtLhmA1IAcJwnXvflL7avBNhUUwfcALgABAABwgACgAAIFAgAAcIBZJ1XJWSII2VgXCHNhZmVsaXRlA2NvbQDFMtAOhXQ\/tcn8Bg0YsK0LCXQz9eeItGf3CI8d+ppJ3a1qxqTbsYvEPqKVPVXIPiYJ3ICi3zqAg5mc5470ZgSSPw3eDcdgkQ\/2sH6VsrvHw1pWLDtNZPd6cO+KsvNtbbCZ6JY="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_msec":1495451210064}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_msec":1495451247437}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":71,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcWZUgADkRzYvQTkcCzLpQ5QA1l\/cF7eAXMAuEEAABAA4ABgABBG1haWwFaG91enoDY29tAAA="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_msec":1495451247437}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_msec":1495451247676}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":145,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcSyQgADkRLD3MDfsCzLpQ5QA10qYGN8NYfIeEEAABAAUABgABBWhvdXp6A2NvbQAAEAABwAwAEAABAAk6gABFRGdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbj0zWEpwSUlaRzJZeUVCWnlPYUs1ZWZrWDFnN21qaFV1aVhqT2xKZw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_msec":1495451247676}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451309206}
01913{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs98gADgR3UqMWiHtzLpQ5QA1U+IKco350KyEEAABAAMABAANB2VkZ2UtcDEBbARub2FhA2dvdgAAHAABwAwAHAABAAAAHgAQJhAAIIgAjAAAAAAAAAAAJMAMABwAAQAAAB4AECYQACCAAIwBAAAAAAAAACTADAAuAAEAAAAeAR4AHAUEAAAAHlkr8xJZIriS1gsBbARub2FhA2dvdgCV6O\/WR3JCSK+C7cZBu3S3X5K0UHxpncAfxFmSgHubPtuQ+ppFRTp+1fHbrUOyCpixD7BN4GSPyT84LF8EMzJbQxH0r2LLAvgtvgpUbYL7Z7w18yYTnE6XGfHtthXb1ZOye1L2hiRfpzbmmXCHOKb6LEYuPXKYSPhX2n+ImdcFypwUqYfMSD9FcjNa3Jo3Oqro2WuMMbD2gPnRfJ8TdXYRG4VNmibFauhfDGpn9UeUfORtwE7m2jOvlQ6Qvy9OpZkqoNE2Vdtt7jPJm2tzt5OKxSjI1XLv3boeUU7hE7UYEXONrZssQLYvDrWx9GDK\/I6MmaWyMYZAJODqzmpC6mevwHoAAgABAAFRgAAHBG5zLWXAfMB6AAIAAQABUYAACAVucy1td8B8wHoAAgABAAFRgAAIBW5zLW53wHzAegAuAAEAAVGAAR4AAgUDAAFRgFkr8xJZIriS1gsBbARub2FhA2dvdgAeLq4NmnVkcNxQ2ECZHAEvCMi5MZYEL8edA7YVxsb2UBGFIEGs\/0MCPjY5njGkf1suVTZtcwyT75u2gFjZgWxP1+c7rm4cmvpvBe+wC0vSebZWwrbWCerbFqwFr8WbzPO2CxG0Zn8pbBKC9uM1kn0tU08OZWkEPnxTJXMcLAZSYKzHnM3Abd9+nCKn5iCnhESUxIPjqzi3TtF47AxxSw8oSy\/22YcIyG5RxzRRDhaTIGZj9gjcsM8kyra2eumMo4lRPXVhwaJ6DQF2GVKV8FslkU9\/qAyzckJZU+4ClRBUn7ZyYZlZnrFBAgj7Zmr2QS9x22hcQerFh+735VmloZaXwZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8G5AAEAAQABUYAABKE3IALBuQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451309206}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451309834}
00750{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2UgADURSHOMrBHtzLpQ5QA1ufwM17VSuDGEEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451309834}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451309971}
01864{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2YgADURSHKMrBHtzLpQ5QA1igkKTYrrwr6EEAABAAIABAANA3d3dwx0c3VuYW1pcmVhZHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAYj6eILo+qkq5k18ERYBx0xRM9\/G7L0FZIt4YRMfTu\/USwfAnYN75io2kNkONiogWmMZ4Lag7k3IYxgcesHSZm7PZPDgrUXlAcd3yvVMKVKTxcZWm4erxNJExiN8+R7+gO8BV6r5YHq7uAPRDiCQOsXNlXUlDbrs1lqRHqt+\/of11uAQ6meqXGXmKksSlBj5fbAkW1+8cB\/QSQlJjzyciYH5OpnBXSP0xkvRyxYbMOP3yK39llO\/1t56mjX6N00VukVX1CCuCNDvCVEnhc9yhfw9oDlronPvyL2kVGsfMWn8txFzsS3wqbAr7fJQNwFsN6v7JS37aCBEsfLcqNMdRvcBZAAIAAQABUYAACAVucy1td8BZwFkAAgABAAFRgAAIBW5zLW53wFnAWQACAAEAAVGAAAcEbnMtZcBZwFkALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBlwABAAEAAVGAAASMWiHtwZcAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FvAAEAAQABUYAABIysEe3BbwAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYMAAQABAAFRgAAEoTcgAsGDABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlwAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GXAC4AAQABUYAB"}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451309971}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451310199}
01915{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+EgADgR3UiMWiHtzLpQ5QA1YrcKcmZcnv2EEAABAAMABAANB2Ryb3VnaHQDZ292AAAcAAHADAAcAAEAAA4QABAmEAAggEAAAgAAAAAAAAFxwAwAHAABAAAOEAAQJhAAIIBAAAIAAAAAAAABcsAMAC4AAQAADhABHwAcBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgCiFhT73R8JkfGDTfZ4di36jz5eyOGbPz32qAMnwn4nlyVmuvzkf4NiJ96OxTP54IIqeClIfVaS9wEAfT+47pslkKZCPVwuhmOe6fDooq+GLDJv0+Ghc9188DOEwVA6ulHxE25woNOlZB13Uz3i90Fc0vOaXvfF9ZGxFm4J9mw3dWtYg4\/ds36+RRrCA9x3ERJDt7HPku5qZtP0xKuN8yDtutEHNQ+PFq\/yqbVvE6s5DpPsYgJR0mKl+kuenRHwsn7+W8RejJkXBdU0ylZRMFbsC3fBOassmaNP6p110AEWGpszbswU0n7MR6eCsSeyRW3u+kxNbB3DHriPINnb\/25ywHMAAgABAAAOEAANBW5zLW53BG5vYWHAe8BzAAIAAQAADhAACAVucy1td8GSwHMAAgABAAAOEAAHBG5zLWXBksBzAC4AAQAADhABHwACBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgAXXbMkYPS9QUln5hjQ9vMJUQmj7EOZmvYJzaa79X6dsVN8FpugM8E25umwpE\/dq29ve8D++P2tnJQfbDgKbTCzWcNRmJZVue8tdC5OTorh1HBmQkpoumFnTbmtekcohQkMcnb3AmWMR742fJ5XNYHgW7Ap4AaJ+wubZ2DGMzIxl72\/ofg+1dcqnAgbyQV8y0ogjIlloPBWpcRwxyL+zdk7S+iyN6s+YgfobuDo5dbvDWNky63CGBbyLqEaC7wzznplPJLXci32DUon7xJA0oUr7x\/h5U6kgccx3MbgKjnlj1l0PwM\/R2IbRlpN9BAQ34xrrixU4+6ApBRbB3spHijNwbkAAQABAAFRgAAEjFoh7cG5ABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GMAAEAAQABUYAABKE3IALBjAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwbkALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBuQAuAAEAAVGAAQ=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451310199}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_msec":1495451311326}
01873{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1192,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+IgADgR3UeMWiHtzLpQ5QA1+8YKTsy4mcCEEAABAAIABAANA3d3dwd0c3VuYW1pA2dvdgAAAQABwAwAAQABAAAOEAAEjFplPMAMAC4AAQAADhABHwABBQMAAA4QWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAJEO7XiuA+vhpIYobOdRe1yI2VB\/j2mzi\/2yP1Lp9H4M5qjusV7CkPVxOQC0AaCcVxqT4M6bztlrT7qUL0A1w3xQdNOpdYK4DVjBCuxhfx\/pX\/Rq0kECnDSkfE1jj7zqbQ61fish6MQQophJFU+Am6c5wLoF1vAyR8qdln5pLZ1FEOPVwHhvgDFyv98HmMD00pw\/wVmA65j4meeVRLeQ3a837VsRiT4jJKffufwtmx5Eqpxa2\/kJw53hWYnnMS38GIEaZRlEQM2vGca6sB3+N+kJQ1oGEgcMiONiOotB9a5cfHgsVEbIgj1jFGWNkedySgudQrRBslLuL9OimDWkL2wE8AAgABAAFRgAAMBG5zLWUEbm9hYcBXwE8AAgABAAFRgAAIBW5zLW53wW3ATwACAAEAAVGAAAgFbnMtbXfBbcBPAC4AAQABUYABHwACBQIAAVGAWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAtNAttZ2tlqpXEcOn7mcA\/Z0HMna2P7rrtJXnupFJ5uos8L3b6TswIuV1nZPJ\/S0K4ZvjUZJukTJ5dsR\/z2bbQiS1uixECpVlyZZOXhp3A0rmQKUIYpz+yrwlZ4Dcq1wOupPxo1PMQl4AwQrMNxeyrQ0QU9G49JKGe20YA1Lhz1N+J4QbO5Tu3vWoPjnfsCEURngIIHow6qjNrrZEhlA929gSEpDzFDBqOvEXIedVxUEt\/nMPYmTYEM5I+66eeFT9HrjHCjzLWlP00hbu089PduHD\/KIRGO7Fs2DNO2Yt\/9FqjLrVhvcG5ptrnTz9lTYR\/uQVtLKTsydCWVZF9YLTOwWgAAQABAAFRgAAEjFoh7cFoABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBlAABAAEAAVGAAASMrBHtwZQAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GAAAEAAQABUYAABKE3IALBgAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwWgALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBaAAuAAEAAVGAAQ=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_msec":1495451311326}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451311524}
01859{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2cgADURSHGMrBHtzLpQ5QA1l38KTYdoHVOEEAABAAIABAANA3d3dwZub2hyc2MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEwC5sA8AMAC4AAQAAAB4BHgABBQUAAAAeWSvzElkiuJLWCwFsBG5vYWEDZ292AEmbFbdVf7FrZdNM0IbcWdEpLfLseHOhwkbd9Xyz04fYyQrhx+Jovb0Em+GuaroqiO5SKtEQJqVCCZB9p842uoKxho+pPpdJyWiQc7GnXhWdDNWtJHOkPmoq3wrf3jfnkFfPCy15tQqxwItlfzeoXa47K\/rbLzji9J6Cj82yysecO7bElXtCuXkKPdBLHf390b9a43nJCO8borqU1G0mIjq1zfMZZF6Kibws4+mFg0EdoxSpF65NctKwuurIJVArvCE11J8PbHegAuvbVEpvXwtS4p8hvMfMnJvNSqKpfuQhDV7nHNaRPD8uISM\/x8CbB8jQLQpUussqmlC6PtCbdXfAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAACAVucy1td8BXwFUAAgABAAFRgAAHBG5zLWXAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzElkiuJLWCwFsBG5vYWEDZ292AB4urg2adWRw3FDYQJkcAS8IyLkxlgQvx50DthXGxvZQEYUgQaz\/QwI+NjmeMaR\/Wy5VNm1zDJPvm7aAWNmBbE\/X5zuubhya+m8F77ALS9J5tlbCttYJ6tsWrAWvxZvM87YLEbRmfylsEoL24zWSfS1TTw5laQQ+fFMlcxwsBlJgrMeczcBt336cIqfmIKeERJTEg+OrOLdO0XjsDHFLDyhLL\/bZhwjIblHHNFEOFpMgZmP2CNywzyTKtrZ66YyjiVE9dWHBonoNAXYZUpXwWyWRT3+oDLNyQllT7gKVEFSftnJhmVmesUECCPtmavZBL3HbaFxB6sWH7vflWaWhlpfBlQABAAEAAVGAAASMWiHtwZUAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GBAAEAAQABUYAABIysEe3BgQAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GVAC4AAQABUYAB"}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451311524}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_msec":1495451320578}
00994{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_msec":1495451320578}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_msec":1495451362335}
01333{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_msec":1495451362335}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_msec":1495451391978}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_msec":1495451391978}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_msec":1495451391978}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_msec":1495451391978}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_msec":1495451394042}
00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":548,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVF0gADYRwvybxo5RzLpQ5QA1bA4Hyoducg+EEAABAAIABQARA3d3dwV1bmlvbgJpYwJhYwJ1awAAAQABwAwAAQABAAADhAAEm8YDk8AMAC4AAQAAA4QAnAABBQUAAAOEWTixhlkRIPO5jgJpYwJhYwJ1awAj5WoAxYCg\/KfcFTNasuFz9k8DHEEKP+G\/QcO+tlENP2jc3LgZ9uA3IooVGcjqo3IK1WfQBCEvktqfQAxH7Wa9Cf7eUtirbKINvr5+kMLn6FCrM9jd2dQe6Y6pYaAdpbMZ52VbSjqrMzklY\/zIDFORoxkTs1i+ORgrFMtdeV2yqMBSAAIAAQABUYAABgNuczLAUsBSAAIAAQABUYAABgNuczDAUsBSAAIAAQABUYAABgNuczHAUsBSAAIAAQABUYAAEwhhdXRoZG5zMQNjc3gDY2FtwFXAUgAuAAEAAVGAAJwAAgUDAAFRgFk3Fx9ZD4ShuY4CaWMCYWMCdWsAnce7m9M5vKhQqwhA2lgPqBNkvCE04UYgFElS0HI7a2i+uOQGzkCRUhlt88i15\/SW6pLNi7d1z4bwWT4IQO6zK9DN8onRZwE2U9p3OkmdXoT+m92MCVkssnEnbW4QP7TpPEflt6+tmQbWtQIhhbOmeIP69piuNsKdv\/4OLfIF3EjA+gABAAEAAVGAAASbxo5QwQwAAQABAAFRgAAEm8aOUcA="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_msec":1495451394042}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_msec":1495451408058}
01176{"packet_event_id":1,"packet_event_name":"packet","packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":673,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFYAXcBHwgADoRZJhCxpE3zLpQ5QA1pnIIR2qM4CyEEAABAAIAAwANAjcwATIBNgMyMTYHaW4tYWRkcgRhcnBhAAAMAAHADAAFAAEAAVGAAAgCNzACNjTAD8A1AAwAAQABUYAACQN1cDIDY29tAMA4AAIAAQABUYAAGgptYXR0ZXJob3JuCXRlbGVnbG9iZQNuZXQAwDgAAgABAAFRgAAJBmNhc3RvcsBpwDgAAgABAAFRgAAJBnBvbGx1eMBpwIQAAQABAAACWAAEQsaRY8CEABwAAQAAAlgAECABBaANAP\/\/AAAAAELGkWPAmQABAAEAAAJYAARCxpE3wJkAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRN8BeAAEAAQAAAlgABELGkQzAXgAcAAEAAAJYABAgAQWgDQD\/\/wAAAABCxpEMwIQALgABAAACWAEhAAEIAwAAAlhZKqfXWSGE3G6hCXRlbGVnbG9iZQNuZXQADWaWQ2KrMpM7yQCKVCdUF8CZsd8UuOLGe\/axb+Ay\/NWTVA3Zr0BSUADykeduIEZBBfslszxBCLtWJjw97buDzEvoJ6dPQ\/smffR9A7PBcA8vGMrx\/vYm0nKDfYKiwKXB3cayT61ofU5\/+O4eZ8mK7zyDd4NVmMUuKwz6hilRNOPFveA0ak+EzWMNuCSyDupcNYAy\/eZHdtxUD44NujGkG9U7ybrsgbYRculPaexgOKxu6wIMeuCHPGoausWOdwgGMsZ\/9a+crtZbVDgOKg2GuqdNoxaZcaB8m2G+d85wvTgybkqjMIcDjiFy8SOVvk1UORjiSqP3gTvApy\/X3t7tXsCEAC4AAQAAAlgBIQAcCAMAAAJYWSoEmVkgM1xuoQl0ZWxlZw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_msec":1495451408058}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_msec":1495451408074}
01035{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":568,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFCAXcCjcgADcRYglCxpFjzLpQ5QA1WQYH3k5\/2RyEEAABAAIAAwAJCm1hdHRlcmhvcm4JdGVsZWdsb2JlA25ldAAAHAABwAwAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRDMAMAC4AAQAAAlgBIQAcCAMAAAJYWSXcEFkcPtxuoQl0ZWxlZ2xvYmUDbmV0ACggce0e+l82m6K57G\/nkzZgF7\/\/\/F9ux6leX5Gn+5inty7\/MjZNahMqNAHQwnC8vBMYfHHAF8hSb7c8eCks0+Dh+nnbeUe4XgsM66nTr32JW46kbrQR89HZRJDZQZWC+piGiT97i3CT+WNQCbre\/CDP9NS8AgJkNfbP354St0OVmQlQhiKyrHqR2Kpg6iWBtjVOGzxTy9IEtmWsVcJvOfaeM\/T5fFq43DPnnWT055vSvfug0FyuSqsrvs\/uahkjmn0wSqWV9DY2l5rG7j2q5sqVxLwtjtu+3l3ZdAyTFxyFLOsRGViZqTvNnralxPJSMhvNxRaX7xgtnifsOR1srwrAZAACAAEAAAJYAA0DbnMyBmFzNjQ1M8BuwGQAAgABAAACWAAGA25zMcGDwGQALgABAAACWAEhAAIIAgAAAlhZKlysWSGE3G6hCXRlbGVnbG9iZQNuZXQAbS4gA1OJVXiOfiH1NhqitGHP\/bRoUOiALgkqpRDu8skb9xITGwMgLUOh4ksNJOEiOZjsYKQKyAOJP7f\/bfAaIkXhYw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_msec":1495451408074}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451455633}
01869{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW20gADURSGuMrBHtzLpQ5QA1MvoKTXoKXkiEEAABAAIABAANCmNvLW9wcy1ub3MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEjFpO18AMAC4AAQAAAB4BHgABBQQAAAAeWSvzilkiuQrWCwFsBG5vYWEDZ292AEw02D+blunLpNdEFin1+qF0AsFQBP\/P93\/ArPYSgPaECAOIBBNrIQ+EUDGS\/sThqanuNHzZj1SVWA9CAzO98GFijUnpdSifTO4x9Qo3CG05zf3N\/s5fFZr1besYCBH9wyyidJjde0HfykraB9D+hG63vApNYAPtCvzquBjiCZq6MQB9mYwB30A9ZMk5CnTRaghcrAc+u1y4AVxKQ0y7ITcqyzwRmRPaDFzxHD6jH9BaBXDnRncsq\/RCjaVuVUM5zOySd85R0L1mEfj+F454c85g1Fzcbn5qsZOXLTMLqQ3FRWJkzSALdhO0DVc9mEVu5bmPyDDblEDXH\/N5epppDPHAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAABwRucy1lwFfAVQACAAEAAVGAAAgFbnMtbXfAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzilkiuQrWCwFsBG5vYWEDZ292AKWxpXpNJk\/yTBJP4lU5VttQSdOCPsApD58HTwd7AUzusozvULgo9tJJihlFAQhFSC\/z2qSmGIRA+D\/AEYhYbnkCSlby\/TZn6728QBrsfm\/eTvuVlRcio8ZoKvDceEQjlZ0XdE9\/8FAzxpv4JxMfu37r6Pqo\/kHGUh0O9dYKY5KQ4vRASr9A6ColBpM0Fp6jzxLZgQIgxecmhXKunw6oYe4uAJwPmAwuOtGafuBkrw3+iyL1IFpTT+ieoMjqzlQIJ34apHrtLI7Qpy3V3rCfrvrhFsQK3Blu25MTCVuij\/hrkBYBvavbW5oV1htZ0xgzg+x\/o5Nhl8E5Ss8ok5D\/IczBgQABAAEAAVGAAASMWiHtwYEAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GUAAEAAQABUYAABIysEe3BlAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBgQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GBAC4AAQABUYAB"}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451455633}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_msec":1495451467899}
00623{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":268,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLicgAPMRVGeA54D7zLpQ5QA1cboMeow9trSEEAABAAIABgAVBmdzbGIwMgNubG0DbmloA2dvdgAAHAABwAwAHAABAAAOEAAQJgfyIAQfFAUAAAAAAAAAA8AMAC4AAQAADhAAnwAcBwQAAA4QWT\/Mx1kYPpsoHANubG0DbmloA2dvdgA8qDsghhg3NnlrIvnzqjoi2t8F9ueZTTrSfT36cTwMHvoAfuu6t8YRYeVd3+cOzU8zRktKFuhy8uB4+IQMr8Ww4Pznbu1iFnscMdfQImu1yTjxzcTFcCU7ST4qi8TAkxt4FjZaNJAfAflP93iMa9IgaD+Y6GcxRg=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_msec":1495451467899}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472365}
01450{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcaRtgAPMRqz3AUm\/FzLpQ5QA1j7gJF4rJ+8eEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLXR3b8AXwBAAAgABAABwgAAKB2Rucy1vbmXAF8AQAAIAAQAAcIAADAlkbnMtdGhyZWXAF8BaAAEAAQAAOEAABIB4\/AnAWgAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwHAAAQABAAA4QAAEwFJvxcBwABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPARAABAAEAADhAAASAePwKwEQAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472365}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472447}
01450{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcPAtgAPURieKAePwKzLpQ5QA1NjQJFwxygzCEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLW9uZcAXwBAAAgABAABwgAAMCWRucy10aHJlZcAXwBAAAgABAABwgAAKB2Rucy10d2\/AF8BEAAEAAQAAOEAABIB4\/AnARAAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwFoAAQABAAA4QAAEwFJvxcBaABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPAcgABAAEAADhAAASAePwKwHIAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472447}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_msec":1495451502567}
00669{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcNasgADkRNoKili+uzLpQ5QA13pAG0FwHT9+EAAABAAYABgABCm15cmlhZC14Y3IDeGNyB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAbCEE7E\/tK2nbtUQfpCepzR9frAaFkveZPoT70D7sMwOQ\/+xk54PDTVfx31QpdhWXZxF\/qABasrJ\/6LYfaZOmcQd4SE2DinBGMT4mCTb3tu0MWKWTlWYTQ08jmf+Gj4hy3cOj1CHK0wnSFV850\/91\/y71SWIEMLStLnWPdodVRCzwAwAMAABAAAAPAEIAQEDBQMBAAHEJufWP+5+U3MEy5wDHiagptJ60KZhTslmbiAZzWh\/R9+Ert+MpcHrkSaQsQ=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_msec":1495451502567}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_msec":1495451558382}
01417{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":858,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcgwIgAO4RHAeGQ2QkzLpQ5QA1kV0JAMGOMPmEIAABAAgAAAABA2xiZANlcGEDZ292AAAwAAHADAAwAAEAAVGAAQgBAAMKAwEAAeFeeMF81JKKXyZ7m1fNWItdfwnHSJNneiWKkU4z2Dds6bAcMAU825F5fa9NfMMZJ1ofvKubnNMwvEGV7LA8h9brhYvQ10pMxj96kJZe+D2O7Ie\/U1L+VkQZ1frUDUuaBBXlpisapE85PJvpkCTjRzTK5qfC1E6SFDqWtZU3beWTOHPdeWuk+L65g0ywzAgTHi3bTkvxCU0YMUSrmM\/ucRJhZSp2Bnnu9e5m0wWVcQN8RCwwKM4581XZ86AZEsMcNMn4lgfGbO+ePZEUKN4jO3xsvTDL8VCk4S6VztoVAr8CEESKK9QNE1uUtDhbA9peZVictCS6cvQdOaTSDVAe2XvADAAwAAEAAVGAAQgBAAMKAwEAAd4Ik\/y5u\/4IGOhG4VVn7buHGb4ZWWngeCtt0OswAlaKe7FLhQgiGIJppBUZzlluNA5O2z8uFn\/6vWcjc1APkIM8gTsexgXG323L+zrIDzJcesj+XxBGl3maMZApgnsAZwFPAXNwNwEd01ugaQCevUjlvvpmQcMCgMv\/o5tuAiZQn6osfIl+95UJAH0ZoIKJkmeWYoGfMFLJeDZVa92beqMioYSqa5qhiSFtNLMmVkEyO4srbnaIMRv2nTboTEx5uIQZAKEhoQiXCLMvnBvEdR4Bmlz2s25A5KJRfNyhRIPY5lTpaPW6s2MAdi6wQOi\/tq2vQucnMXojmyYDizNjnxHADAAwAAEAAVGAAQgBAQMKAwEAAcIMnmfbk6YNzYUpG7ynL2OsKhTqhlCotZUrmruLmEWBoYibBwJ4CPXSrMDYIOj2\/UHdAWHfr3HEPagX8To21t8Hq8NRY8e+GloeYTuhJFOva2ivoXj\/E4V0VfeJJVuHTY0LKwyYoTcgGJU9hLfK7JOaOq3a80oNHJ9v5iaJ8Vvi5adW1QquXLQWZtNjVOho8xmeZ\/bqiUmkgaDPOoSlyAdf9GkOJkfVzTpRgahyLRTLJYP1dcShPIBW\/gBn0naElasEgYAZ62erTyMj+Dj+McLObt+enoOo"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_msec":1495451558382}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_msec":1495451574398}
00642{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvxEgADcRsUa4rRdszLpQ5QA1oygGwFz7eMKEEAABAAQAAAABDWp1ZGljaWFsd2F0Y2gDb3JnAAAwAAHADAAwAAEAAA4QAQgBAAMHAwEAAdl6vxiL++F\/pjIKqj9e7RaBV5rwA3o9DNcv0h4HQ93WZJ+2YrrhIVTBghHPFs+8FEN7Xdx2djyC1pjSprgXQ2HeWbJZy1rO2CCoH12hxAbUEQnPy1BYYsMpATL7FFzDIup6CYAV7Is7xTwPl\/Wm5B0cxltQlAHAlLMQiylRrZup5SRgZQGoi1q7dsIP6kgvfOSmZGIwr5OxtBC\/RzC+7OcNnmbexBAx\/ujQjwn1ITH0JeAIU+9jiKC+"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_msec":1495451574398}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_msec":1495451582606}
00459{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXceY4gADMRzHRRW60TzLpQ5QA1plQGOJZ\/AaiEEAABAAIABAAJCGdyZG5zLWRlBWRlbmljAmRlAAABAAHADAABAAEAAA4QAARRW6FQwAwALgABAAAOEADcAAEIAwAADhBZNR2QWSKokGYrBWRlbmljAmRlAJfVO1vdsL8bdrClwW8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_msec":1495451582606}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_msec":1495451603049}
00439{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":131,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/D8gADMRuiiBBg0DzLpQ5QA1arUGKRUJU+aEEAABAAEAAgANAzEwMgE0AzE2MwMxMzIHSU4tQUREUgRBUlBBAAAMAAHADAAMAAEAAAcIAB0GdGltZS1iCHRpbWVmcmVxB2JsZHJkb2MDZ292AMASAAI="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_msec":1495451603049}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_msec":1495451611805}
00684{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":314,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcDxkgADkRXROili+vzLpQ5QA1TDYG4IL0xMOEAAABAAYABgABDmxpbmVhci10dmUtcGlsA3RvcAdjb21jYXN0A25ldAAAMAABwAwAMAABAAAAPACIAQADBQMBAAG7xRiYkSu1FrneRCH6ntrsauJWLw6fk1RtMzYYwMb16Knn1SeDLbMj6jRuPHc\/N9CDpNHKBwY7D8GGYJHtQOlY1BRgtvcl2XG\/z4KT5bOP8sBaXSr1Q60QyLTjEldwC8Hcrwfq0nlgSqdeedPWUZEiInPjf0m6Q0yG3lTY3p3jMcAMADAAAQAAADwBCAEBAwUDAQABl4a8UCzCZt5CAPJ1+RL9MCCZmtygIfM+1EkpxZWzKFW6hTlX1fvx29DxB35W993mMAjv0961og8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_msec":1495451611805}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451613183}
01288{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXccLkgAEAR7frMulDlQpiWJQA17AcIoOzEWyCBoAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAALHAAEgQYPHMAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8ATAAIAAQAAAIYABgNnZWHAE8ATAAIAAQAAAIYABgNiZWHAE8ATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451613183}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1495451617290}
00945{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdRkgAPQRTW+A50ABzLpQ5QA17tYHop3j4riEEAABAAIABQANBnN0YXRpYwZwdWJtZWQDZ292AAABAAHADAAFAAEAAVGAAB0JcHVibWVkZ292A3dpcARuY2JpA25sbQNuaWjAGsAMAC4AAQABUYABHgAFBwMAAVGAWr+PY1jk82PoEAZwdWJtZWQDZ292AJu6kQSEhR8egq7iff9kNvnUi3EB8Cqxahn7\/xnKCblnIeeP205Pcfvq58wdpFd4t2tLrbNoUdrfjjrIvtJTNm8AczdH8VxTTwKlZ544pPbKqSowUHJH8kt1BYbS08C6W\/koWBsjtLuk2wwJn3Xv1EHHGFTmeMXVa9Ykgp+szm4UYdPEnokSrW0ySALEqeqR1T8NYKCXtsBVthVcDs6IE2iJWsUHfJN\/ND5yD6NryHs5EYO0a5uiDSFdbl2a1e3U2IiqRcHf12Yi7nNig+en76ODdO7CGdj4XsXz8AYWndn30mHl316TfYk9Tr8TfkagYqHqYLV3kzp8Pim2wy5nSI7AOQACAAEAABwgAAkGZ3NsYjAxwELAOQACAAEAABwgAAkGZ3NsYjAywELAOQACAAEAABwgAAkGZ3NsYjAzwELAOQArAAEAAVGAABiP2QcBjJqKhZbbxHR4uEOouQ=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1495451617290}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_msec":1495451617292}
01262{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":738,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":738,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXccB0gAPMREnGA54D7zLpQ5QA1qyQOUPvPZ1uEEAABAAIABgATCWRuczEtbmNiaQRuY2JpA25sbQNuaWgDZ292AAABAAHADAABAAEAAVGAAASCDh0fwAwALgABAAFRgAEkAAEHBQABUYBaAL7qWRNw6s2+BG5jYmkDbmxtA25paANnb3YAqynlZlaIB4Smw1gmrgrhShXsg+fKpc9IVq+H0d8Wqe8ehWyuxMN5VtfcEaLC+EeL8bzU4KuotzpGoDCkxCZdXFHPVKuaX1nzyQKnX1ljBf8NzdObkudu7m5LKsZKBwHSNYuTy0jN791rNwOkeHjeiejuoDZvEfDwRbyO1nFBJ6h8isnkI\/0kQNd0201HZH6RGOQ2KqsqoOWUQCZawvaoql571eZD0z3ieQ\/7FwpiQ9vz\/VUXzC+SYsOOT1yPoZ8c6dYCXQY8gwTNOCDqJaGJMkzo17QL1DHP4vbFEiU+nL7o8yPZTSu\/e0+\/Z3T7PU000lQYL9r0d4LlePbetu84y8BaAAIAAQAADhAAAsAMwFoAAgABAAAOEAAGA25zM8BjwFoAAgABAAAOEAAGA25zMsBjwFoAAgABAAAOEAAFAm5zwGPAWgACAAEAAA4QAAwJZG5zMi1uY2JpwFrAWgAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sEzYKep6XHZu6d5e\/CGkcUh2Vks9\/pyJ\/t2s2KBguZm2e\/qZ1Ezxt4cEtu9kc0sswh6yWPsWme\/zxCgcrwhF4ZRmacvc+rMVf\/a\/AghKUmUTfCHDsCeW2IcVFuIY0PYQvO0ixv6F67"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_msec":1495451617292}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_msec":1495451618089}
00738{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":353,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvUsgADcR9T6JyAQfzLpQ5QA1fIMHB7MjfFCEEAABAAIABQAPBGRuczEDc3NhA2dvdgAAAQABwAwAAQABAAAAPAAEicgrCMAMAC4AAQAAADwAmwABBwMAAAA8WUE2n1kZn1cHPQNzc2EDZ292AC5156k1jArAQVGBahVpB6i1h\/fLJ3i\/HJY8GxrDrwsXIly+1WH6d7kRKc6lk\/uZf0+AmaTOUahspZVRqb7TH6GrbnsyXZmTfc3Kzu2iCB1GZM+ThGuuBfTJP\/RUgJK9tEeQ4pfMuSB5LQOaizURDpM8RAEaHBNs8UiaB2wYxjm8wEwAAgABAACMoAAHBGRuczbATMBMAAIAAQAAjKAAAsAMwEwAAgABAACMoAAHBGRuczLATMBMAAIAAQAAjKAABwRkbnM1wEzATAAuAAEAAIygAJsAAgcCAACMoFlBLTxZGZ8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_msec":1495451618089}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451619519}
00750{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451619519}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451619545}
00938{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451619545}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_msec":1495451620149}
00320{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_msec":1495451620149}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_msec":1495451620149}
00320{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_msec":1495451620149}
00232{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_msec":1495451620868}
00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_msec":1495451620868}
00204{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_msec":1495451620868}
00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_msec":1495451620868}
00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":135,"global_ts_msec":1495451632004}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_msec":1495451632004}
01119{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_msec":1495451632004}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451636457}
00621{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcg4sgAOcRN5mDTlH+zLpQ5QA179EGr6+UudOFkwABAAAADAABCk5PU1MyUFJPNTICYWQDZGxhA21pbAAAAQABwBoABgABAAACJAAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACJACbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451636457}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_msec":1495451636679}
00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":275,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcRyUgAOcRc\/+DTlH+zLpQ5QA1lCQGuTGo9n2FkwABAAAADAABCk5PU1MyUFJPNTIEdXNlNgJhZANkbGEDbWlsAAABAAHAHwAGAAEAAAGdAC0IZWFnbGVpYjHAHAtyYW5keS5zbWl0aMAfd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHwAuAAEAAAGdAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_msec":1495451636679}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451636862}
00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc1mwgAOcR5LeDTlH+zLpQ5QA1mK0GuOHsaJmFkwABAAAADAABCk5PU1MyUFJPNTIDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAo4AMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAo4AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451636862}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_msec":1495451661043}
00961{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":520,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAV8MiEgADMR67bAa2aOzLpQ5QA1kJIHTuawQK+EEAABAAIABQAPBXByZXNzBmJhbXBmYQhiZXJrZWxleQNlZHUAAAEAAcAMAAEAAQAAKjAABEWjkf3ADAAuAAEAACowAKcAAQoEAAAqMFkmu3pZIXKW\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQDYr4iiKwGHUj8t5HsllLRdCw51+RuHgmXTVi3BKZp2SlHKwPPE5NDgykdlf2nh09MKoRsS4ZQ6K+HtO0Fgl3XDsVj0e38hlFZSyxT3UsVtxM+no9NBzelbSMqdsdKPMBXZBU6WN68SPUB0Mpo5EB0ERXosqZrbp40B7OEuBwhJTsBZAAIAAQAAKjAACQZhb2RuczLAYMBZAAIAAQAAKjAACAVhZG5zMsBgwFkAAgABAAAqMAAJBmFvZG5zMcBgwFkAAgABAAAqMAAIBWFkbnMxwGDAWQAuAAEAACowAKcAAgoDAAAqMFkn98ZZIq5X\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQAn0OdhYPVBP+po1b2zTtthnlvR+AwkjgERoFRV1d81BBycm1q7rnJTejDubWCC+fexo8tBaiAWuF7QlClYFOJSAmzwtfgGPOICDtid\/wne+kDmwXvgLbwXYX5lBPAt0LIXRb3dGGBe+RGHeQ=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_msec":1495451661043}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_msec":1495451685924}
00627{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":272,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdQIgAOcRRiKDTlH+zLpQ5QA12ScGtpz7Az2FkwABAAAADAABDG5jYjFzZHYwMDkwMQJhZANkbGEDbWlsAAABAAHAHAAGAAEAAAHJAC0IZWFnbGVpYjHAGQtyYW5keS5zbWl0aMAcd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHAAuAAEAAAHJAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_msec":1495451685924}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_msec":1495451704377}
00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":129,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLFogADcR72\/BRGNjzLpQ5QA16EkGJwo+kYmEEAABAAUAAAABAmJnAAAwAAHADAAwAAEAAA4QAIgBAAMFAwEAAatvnBmra+7zeBm9l13suknlkqymM+dxrFdopER\/atXEXpeKon1lB9rWXtPTizfX"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_msec":1495451704377}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_msec":1495451720070}
00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcf7QgAOQRIpPOJiMDzLpQ5QA1bBYGzcCiF4OFkwABAAAADAABBmlzYXRhcARkYWFzA2RsYQNtaWwAAAEAAcATAAYAAQAAADAAMAhlYWdsZWliMQJhZMAYC3JhbmR5LnNtaXRowBgBMZuVAAAAtAAAABIACTqAAAADhMATAC4AAQAAADAAoAAGCAMAAAC0WS8rbVkh7l0xhgRkYWFzA2RsYQNtaWwAX2YDHFGs++P6KY5jyOnyDe0uBmvRjeLNiVar29Ll1723S4vXnuSWhUWFZRQdEVXqxkbd6V+XrLkpWPckh1R4zgV9PWSNZ8HZUjMZhQWPWXpppn2CEeN7b88KhZ27nzVXi+\/73NKvN1wXzYqVmw0ROQ=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_msec":1495451720070}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_msec":1495451745785}
01461{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":889,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":889,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcuAIgADYRFDWAx\/RyzLpQ5QA1xd4JH1hTgneEEAABAAIABgALCGNvbnRlbnQ0CG5vdm9wb3JuA2NvbQAAAQABwAwAAQABAAAOEAAExgc9H8AMAC4AAQAADhABIAABBwMAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AlewZozFU2n96aVRqxQUtXjawCyGgM6B0TzRF56i4jQojMtEEU5RHV2P7Vi\/giydID14A4YyUQ85+uCYlFI0DOCtWk0z5XmpprtC9X+\/T1\/r4JD0uPBpyimV4NZ7fwQxxt5\/3s2rlf4r73xWZZ+3IUuJ2vwbncpUyzu1TuFq+36Vdmu0LH4Wzte\/E0y2pkf37K2RBRQ7Nn\/d+Xj6t5ggL4KWxhT3Q0vSCylzZfyLrz2NK8Qb9WKZPaGXKWrHYVjLVERNJemNdvrQWUyPUJZC8YuSGBgJRiBu7nGJd9NUwi+LJQ8nOWu\/g3XZWYEgJTSqnXRaYhwfpdJtUS4EbhA6YOcBVAAIAAQAADhAADANuczMFZnd3Z2\/AXsBVAAIAAQAADhAABgNuczLBc8BVAAIAAQAADhAABgNuczXBc8BVAAIAAQAADhAABgNuczHBc8BVAAIAAQAADhAABgNuczTBc8BVAC4AAQAADhABIAACBwIAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AcFsxOk+TskskfmYioP9UewSZSL9WmuTUot1PfZFKaiFZLalRXKlbejn1Bpls9bVGMNJ8VYVUfoGcuesziAD8mlHukbkBjCvqsQLQJlUn18HhsM8Un6BUiQsAyEQsQp5HXtsXSzUuW2h7pa5HvFt51KDRqdLdfTwvCR7QFOYApeIeE7jGd14b6fcFUUntTWakr8Diay1Cx6MEqchNtPP8y5WWowh4rqtf9abZ6MihUGhOYq4GAOz7667QkstI2cH0PhPu2Q\/5ONAvjTiLfKSfgeeGC8VSswFyq2aFb6HIlVmYOK1XmDe3BmP7FLuXhq9PlJ6aBBY41kBThidqiIzU58GrAAEAAQAADhAABGjskh7BhwABAAEAAA4QAATAYM65wW8AAQABAAAOEAAEJTBzbsG9AAEAAQAADhAABC6l7FHBmQABAAEAAA4QAASAx\/RywasALgABAAAOEAEdAAEHAw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_msec":1495451745785}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451748818}
01288{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcFmEgADMRoAeBBg0DzLpQ5QA14pUIoA41h4GEEAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHMAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8D3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451748818}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
02295{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGOsgADcRhwqY2AekzLpQ5QA1zeYLg6WA7YmEAAABAAIABQAPA25zMwNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalWKsGuV0qSYiHp0ZrSW1UB4GFMJyv7xm1d\/Po\/u1S5R08MeFVA+R2ZtvHBErM7kw\/4vE2A51h\/i02hoLPEPwvEXL7BXREwrjYl2TQspuWnPYjiGXk63g8xr6TFgux7jb2BRXQ4LBHynjXnnvpt3XYYGbcmWAyGPAsOf9hQuEFUTW8B15ZH+YidKzPQ1rU9pRShm7Pd3FpYAiKLk4i351zYZI20c8JNuwICCSg9UMWYXsfMXQ+CnSvsgbvApAMm6rh0DMcwkAJPfalPrGBEcb5Z1jx4wdGgAiCBer8AQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwXIAAQABAAAcIAAEmNgHpcFyAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
02292{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGO8gADcRhwaY2AekzLpQ5QA1NzILg45YlzKEAAABAAIABQAPA25zMgNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AelwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YACIMpywUArJkA9Pr8GoybhgY2Ocgs\/9GIFFuvETX0fJGJlUnHAJSqKW\/R0LzP1Il9v6s81BpuSZpAB849wqEfWzFXluuZB5AR56eqVSJblguN5+T40xCB341G4528ZhyGRaXl+eYxq78eUD4cE2wBk3V74cfj1DDbMsYAW8Vgk6o8X8cK20+vQNjt9Ter915MWxERLC+lB5u+Ke9vetQqeV0qcZqahg+htHixrcdztcnVQBwTTHnqT931MsE2NAIeg+Z6OSUfvUAvK1zPWSo3JuVwhfiUlmKxv3X6Q3XgaskSAJbjqymmW7axPqELiWZ02m\/0lohciHpUFWYG\/hqdjcAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zM8AQwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwYAAAQABAAAcIAAEmNgLhMGAAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AFGjlQ0CcH7S\/YLa1DPEXyweqkjgV2S03PR6JP+jCFHGNKfmV2pVirBrldKkmIh6dGa0ltVAeBhTCcr+8ZtXfz6P7tUuUdPDHhVQPkdmbbxwRKzO5MP+LxNgOdYf4tNoaCzxD8LxFy+wV0RMK42Jdk0LKblpz2I4hl5Ot4PMa+kxYLse429gUV0OCwR8p415576bd12GBm3JlgMhjwLDn\/YULhBVE1vAdeWR\/mInSsz0Na1PaUUoZuz3dxaWAIii5OIt+dc2GSNtHPCTbsCAgkoPVDFmF7HzF0Pgp0r7IG7wKQDJuq4dAzHMJACT32pT6xgRHG+WdY8eMHRoAIggXq\/BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
02298{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGPEgADcRhwSY2AekzLpQ5QA1Q8QLg5NBAMmEAAABAAIABQAPA25zMwNpcnMDZ292AAAcAAHADAAcAAEAABwgABAmEAAwIAAAUwAAAAAAAACQwAwALgABAAAcIAEbABwIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAggGB5zn+E1Pg+FLMqTHnbMA\/oOer5LeX4aIHpNS4o6eo3\/mQLBqkFditZ2io9gnZB4qh2JsMATiESYiHWEYj0bEtKixiKHmqgPaqgsClUlMc36a53fLyVtyHOsfb4Bn06ipKA\/mFDV0+OoNw8Y3Ho1jSbY7bHubvRM+pfr9JzoRxfb3DWL73ZWluCLfXSQajOLrJJnVQ+P2lNfaTK3czYjjMf3wRU9NKWnRGD4+bDy+2RctwKE\/IMs\/GjQVGFjztYPa6p\/mlAS1K5K4FizcZBjmrNEKa71WUgVe3uiPYOufTuXw7A\/z431698ylT38+Lw74o4px+sIHQ1lAUZBM4AMAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFsAAEAAQAAHCAABJjYB6TBbAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwX4AAQABAAAcIAAEmNgHpcF+AC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3ADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalXQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451760381}
01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGAEgADMRnmeBBg0DzLpQ5QA1ohMIoLZgAPuEEAABAAMABAANBnRpbWUtYgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHcAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdNKgRuaXN0A2dvdgB6DVGNpuOznKvdrQN8bwUpu4PENDRSb+5+syaMGo6RaYqni8IQRlgrlLmn0P9fWLeESttBnO35aSL8o+kaUL7kh56Tzeztgfxvi73UEVovSqcWPBrNHp06FMiCkzzWxYm3rwMsy7tgq5QiEQG82TMM5cM\/UdLrrVKTvePPvapChMAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdp9QRuaXN0A2dvdgAH3ZlJ1Plagxurcne6cVxPIYLgmEuZl+Z8WXRbQC0s7YxnKt0M7zxnZKNLd21OfZCww+HGwHXqGzXhrH5S539DqqjEfHlik\/EheQJBrs2wgJD6BuPbFqZ+\/m62e5E1TenoG46sJm2SbQR4t88KGGo41imZHHAUOlsfMJEWeIhOwsD3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451760381}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_msec":1495451763731}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXcogYgAEARoZXMulDlS2GodAA12qEF7q5VMVqBoAABAA8ABAABA3d3dwNzc2QEbm9hYQNnb3YA"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_msec":1495451763731}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779464}
00406{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjkogADURn38YivwdzLpQ5QA1IBMGEoHof96EEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAHAABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779464}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779745}
00406{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjksgADURn34YivwdzLpQ5QA1chAGEkLdh+yEEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAAQABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779745}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_msec":1495451779762}
00649{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":286,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcB3MgADsR6J3HK4U1zLpQ5QA1x0sGxG739qGEEAABAAIABgANA3d3dwVpY2FubgNvcmcAAAEAAcAMAAUAAQAADhAACgN3d3cDdmlwwBDADAAuAAEAAA4QAKAABQcDAAAOEFkvMblZE0c+sGYFaWNhbm4Db3JnAFcOXWiLmAn+7RhE3TKRAZ5C+YCLPXSCXHhs6mLxoYLFSB9OmyFE9HQ90+HWIdUDemeRreC546O8dauCK16auNeVpMGVWBmAVkdmYo\/jYS\/f0rb0ZmripWbPcu3lWPDh7GnpYHF2BQ+z6kikiq9qTkmjhshwCrs5yNXSFD+OutJN\/jecwC8AAgABAAAOEAALBGd0bTEDbA=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_msec":1495451779762}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_msec":1495451795488}
01816{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcnoIgADsRANkX04VDzLpQ5QA1ZoEP+cmJ9tyEAAABACEAAAAdBF9ub3MEX3RjcAdub3MtYXZnAmN6AAAhAAHADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAbsJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNgdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwMwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDA4B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgG7CWZlLXByZzAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDIHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDUHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA3B25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA1B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwOAdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgBQCmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNQdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDQHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNAc="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_msec":1495451795488}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451801867}
01217{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVUIgADoR311APsiTzLpQ5QA1HC4OMzJ8VlCEEAABAAIABgATA25zMgNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAUnw0GQABhAAAAAAAAGHwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YAPWJVgdJKgVrTRsYmmdfgVzqqFqEjtUkbPsBTAyhBqcDqUhyiJ9lBKi0APTMHaoRlm9hKhCaxBf4OosrfcZZZslLTdHCsdWT3HBqF8quhdYgBFhCMYj2GltCBFdXUFuG\/ZMZe\/CYWmCUJwAYCF1Nrid6tA42V3+7Xl7GskBZncS2WWlSxB29bNO5qp\/hzNCvZSu+2CoR2pxntdEHpFyHTMEFW1GIMYaBIBeKmZ9Doz3BzKpSAQQ+2gzTU0pwjmlklQze5+O\/T87VbIrIG0NI6rOWvlrdMZVPfgmbDRUgBonXYW7ys3J4xP6AACqxAfp0yxUWCfy9QuEQQgB+HEB0bVMBXAAIAAQAADhAAAsAMwFcAAgABAAAOEAAGA25zM8BXwFcAAgABAAAOEAAVB2Ruc3NlYzcHZGF0YW10bgNjb20AwFcAAgABAAAOEAALCGRuc3NlYzExwZTAVwACAAEAAA4QAAYDbnMxwFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451801867}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_msec":1495451802317}
00680{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":310,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc7j0gADgRdoqiljgTzLpQ5QA13WQG3OQmOZmEAAABAAYABgABDXN0YXRpYy1hc3NldHMDdG9wB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAdNI7Jg7FgzKcoFbbTVFnNS103uNlzSi57w6MSU8g4N7BY45c8wRU0sUX4wCfS5mnvFDJOVeri9\/brOPAihImJbUq1qtU1hWYhriE+Q5okjx68WWhd44ZtMny6bsYRvUiusoqWjg23bXi9ii\/7fg+pccZPnCpi15g6KH4Pi07RLdwAwAMAABAAAAPAEIAQEDBQMBAAHH50NT4xwBENYYIASJ2mD3BG9QGEiNhcrE595erpAhJx7YsU81LP9gTvm6xTLb7N7F1r2ajg=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_msec":1495451802317}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_msec":1495451817304}
01892{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1212,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBogADIR1B2hNyACzLpQ5QA1FhYKYhxxeiOEEAABAAIABAAND2F2aWF0aW9ud2VhdGhlcgNnb3YAAAEAAcAMAAEAAQAAAHgABIxaZc\/ADAAuAAEAAAB4AScAAQUCAAAAeFkriyJZIlCiJtkPYXZpYXRpb253ZWF0aGVyA2dvdgBcAnaQGheMvunF5C4cR5MJ72dSM8drk3RcE\/+nxnzfOogtDZmIWC2uUpk1r8xGZG2a2jRIA\/aj7zKkRbvNWBJ7qmI7yE\/unpmntn5Dyz3Um2RQBCjsXFWyfJgY5adyFQrx82AJTn0XIJJWlgv2g8gLH5cB5vq1Yx2QwIizFaT84HOR9Ro7mx0vPzffSQYtz10RZTKVLepM1R9WCwQoAlCmj1FX3PJSAVW1ysoAcCz8VNw8RQVeI7UOQsrNyeoeQU4fT9ZJVxaQxHfWRAhaVBdW1NMrgGV8IGluYRAdA\/hJk+MHJtjXbnaSeicSZRZLPiWIrQ+9vEs51K9tviWP1U47wFMAAgABAAAAeAAMBG5zLWUEbm9hYcBjwFMAAgABAAAAeAAIBW5zLW13wXnAUwACAAEAAAB4AAgFbnMtbnfBecBTAC4AAQAAAHgBJwACBQIAAAB4WSuLIlkiUKIm2Q9hdmlhdGlvbndlYXRoZXIDZ292ACem07do6v1NXUbeeSFCIj1ItSvoyoZ\/MkEVoL5rYeAY9tnwbNm\/RpXbQs3WZA84dHc8qApmpHZjNOzbQez3KZG7OK1f97Akn7bH1Ky7MKcrTPKH1PCPR0y4c94s6MFoH7fD6SfpHkqVyFkaspk\/OJpadSYLEQw32h1fGec9Via\/3fvcfA9UaUVW48GZIkYFNWZU\/dMHVDul0koiW1RkbrGjSj9jrN8M5OzzGNtQWIjEdvi5TKW5kPQt9XYqkeohSO6NHXOBkElsykELYz0FoRto8wvtZYGKZxoLfRlDES0YDpe+inWG1xWUXgvmym\/DRCrMlOOt9xEshGof6J1Kr9DBdAABAAEAAVGAAASMWiHtwXQAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GMAAEAAQABUYAABIysEe3BjAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3waAAAQABAAFRgAAEoTcgAsGgABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBdAAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8F0AC4AAQABUYAB"}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_msec":1495451817304}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451840165}
00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQSkgAOcRefuDTlH+zLpQ5QA1iN8GuEyAW62FkwABAAAADAABCkhJMDFXRUYwMDEDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAycAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAycAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451840165}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_msec":1495451840209}
00697{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQccgAOcReV2DTlH+zLpQ5QA1iBUG6lPedjOFkwABAAAADAABCkhJMDFXRUYwMDEEbm9zYwNkbGEDbWlsAAABAAHAFwAGAAEAAABZADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcAAAHZgAAALQAAAASAAk6gAAAA4TAFwAuAAEAAABZAKAABggDAAAAtFkv4yBZIqYQMlUEbm9zYwNkbGEDbWlsAHAi\/\/IpY3Psvud3bXls8gvS7SxTXcJbJ2fO4LqoVAeoWw33Sok4nKe8G5wSzgrj+gHIwqz4AXRl3ZauyfrHZKtplIVp\/qYFFwFvnbKy4VuVxCDuV39nS0bYD6vwMZut5duIQsRD92AJMBuJaLwaFueObOvDDzhSu2qWb8T7Pru6wBcALgABAAAA"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_msec":1495451840209}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_msec":1495451840333}
00645{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":283,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQ9AgAOcRd1SDTlH+zLpQ5QA1+V4GwcnHlaqFkwABAAAADAABCkhJMDFXRUYwMDEDb29iA2RsYQNtaWwAAAEAAcAbAAYAAQAAAZUAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAZUAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORa\/AgRGTYgjUNSA=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_msec":1495451840333}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451860723}
01217{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXctFYgADoRIiVBMSXFzLpQ5QA1N2wOM3VnSZ6EEAABAAIABgATA25zMQNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAQRwAAEAeiAAAAAAAACXwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YALVciLeV6\/9PVH3ix0oDMwPVXP+IuKi7iilwN8AXuICaEixRjMcL3k6CimR5Qqz2Ycw6GKR7q0Ru6zaeR+QYAjDqrD+MMW8dbCcINrpqJWjnqBRalN\/yYo\/yvsBa2wZPK3alx2x5VnRHoD2Js8UfeJJoW0zLMCnQkcnHnI8zIxKzPAlhcVwmcU+2j33B8sM29LmFlzJzazhfNwdxdRvaTNbUEhTzhlpB7woguGh3UcEHOLFrxazn6WmkxImFq2NBaB\/T0eDIozLqDuE+altkXto3Lyhd11i49paFgy0Mhg2C0ZQoPj1+cSeqFyHfhmq920VlYzrf1hk07KsH5DFRWS8BXAAIAAQAADhAAFghkbnNzZWMxMQdkYXRhbXRuA2NvbQDAVwACAAEAAA4QAAYDbnMzwFfAVwACAAEAAA4QAALADMBXAAIAAQAADhAACgdkbnNzZWM3wXXAVwACAAEAAA4QAAYDbnMywFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451860723}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_msec":1495451867062}
00675{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":304,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcqqsgAOcREHmDTlH+zLpQ5QA1TnkG1twua62FkwABAAAADAABClJDMDFXRUYwMDEEbmVtbwNkbGEDbWlsAAABAAHAFwAGAAEAAAA8ADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcd9p7lQAAKjAAAAQ4ABJ1AAAAA4TAFwAuAAEAAAA8AKAABggDAAAAPFkvM2hZIfZYHRkEbmVtbwNkbGEDbWlsAB1eP48NXB48YC39LxAk\/Khj2mVEQ6aS5HOSznEHbJsfSIIptRD6BtLuXwGHekuWL8Z8c4kWh5ITHm730bhtaFCQHR4MBMAUg\/QYfZB\/3QkezK+jd+kE5nVF\/tAkTs15nBpCsT3XFv1DW\/UqWuIhDZwgTv+++Q=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_msec":1495451867062}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_msec":1495451874121}
00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":203,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcE+8gADUR5p1N8Pn0zLpQ5QA1XvoGcR\/WhA+EEAABAAIABQAHA25zMQNjc2MCbHQAAAEAAcAMAAEAAQABUYAABE3w+fTADAAuAAEAAVGAARoAAQcDAAFRgFkvGkZZB4jkr\/cDY3NjAmx0ALbKVVGDcRZDqk1lyGdWsP5IQ26mLHrrMMz2pPyson+cx8+CsnAw8\/PhfvXbGxejQaIrCYXN3lCaimZi4Ns9eAyNg0i42MNM14BM77qxS7I="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_msec":1495451874121}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451891093}
00621{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcxOggAOQR3V7OJiMDzLpQ5QA1oocGr2AqSlqFkwABAAAADAABClBIMDFXRUYwMDECYWQDZGxhA21pbAAAAQABwBoABgABAAACAgAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACAgCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451891093}
00207{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_msec":1495451910684}
01871{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1189,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW3YgADURSGKMrBHtzLpQ5QA1nlwKS15OQ2CEEAABAAIABAANDmNhbWVvY2hlbWljYWxzBG5vYWEDZ292AAABAAHADAABAAEAAVGAAAShN0EOwAwALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AIaf94KEuv9ZJnwf0eecIweTnGhU9b8l62tJ68k6dYKJPMmWgU+FCdyf\/QzA4d7evU\/WdY7C1qnmSAKUF\/jv82PtKEXWR9WzExnNSIkYyQ5Ek5HmxOvXRyAbUWYpnmzE31nJFS1DIaj6bHFKKyXa7kbE2lCLrY7Yw5mk7cXQ4OLgm8h\/Rf8PZUuRTxVYvWYo4+TVze1zHc8FD\/ypXkA55QgQpzIh2fdyiGaKmMRm4vEgVKR9qcV84hn2T6W953fnxyCiEAhN7\/HrL8+6Sed3bKvypaRqQ6VyWlurn4p4PS768LrGaurHjeTDHLHyOhT+cpJoI83IpDVd3ZFZXfga1z\/AVwACAAEAAVGAAAgFbnMtbnfAV8BXAAIAAQABUYAACAVucy1td8BXwFcAAgABAAFRgAAHBG5zLWXAV8BXAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZUAAQABAAFRgAAEjFoh7cGVABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBgQABAAEAAVGAAASMrBHtwYEAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8FtAAEAAQABUYAABKE3IALBbQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZUALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBlQAuAAEAAVGAAQ=="}
00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_msec":1495451910684}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451913554}
00672{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcoZEgAOcRGZODTlH+zLpQ5QA1hecG1xOqS+SFkwABAAAADAABC0NNSDBTLTUwNjI0BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAPwAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAPwCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451913554}
00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_msec":1495451914068}
00410{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcXUggADgRPcyY2AuFzLpQ5QA1eM4GFPW9NOaEAwABAAAACAABC3NpcGludGVybmFsA2lycwNnb3YAAAEAASBlZmxia2RtZjJtY241ZWg0ZjB1OW9lZHN2bWFxODA="}
00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_msec":1495451914068}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_msec":1495451914094}
00917{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_msec":1495451914094}
00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451915752}
00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451915752}
00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":204,"global_ts_msec":1495451915752}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 93/0

18
test/results/capwap.pcap.out
View File

@@ -7,18 +7,18 @@
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067}
00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328971066}
00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328971066}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328972066}
00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328972066}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422328982066}
00789{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0iX0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAYyyAAZABCkjQAAAAA8KAAAMsg="}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422328982066}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328989070}
00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328989070}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328993294}
00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328993294}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
@@ -33,14 +33,14 @@
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072}
00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329034032,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329091711}
00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329090053,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329091711}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329129029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909}
00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329141029,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}

4
test/results/dlt_ppp.pcap.out
View File

@@ -1,6 +1,6 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00170{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":9,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_msec":1031}
01927{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
00170{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":9,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_msec":1031}
00458{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":4,"global_ts_msec":1031}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0
@@ -16,4 +16,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 175 chars
~~ json string max len.......: 1932 chars
~~ json string avg len.......: 968 chars
~~ json string avg len.......: 858 chars

14
test/results/dns_fragmented.pcap.out
View File

@@ -5,29 +5,29 @@
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021}
00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234}
00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00209{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00209{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075}
00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00209{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00209{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -38,8 +38,8 @@
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027}
00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00210{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -104,15 +104,15 @@
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00211{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233}
00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
00211{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00210{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547}
00677{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
00210{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}

240
test/results/dnscrypt-v1-and-resolver-pings.pcap.out
View File

@@ -6,21 +6,21 @@
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00223{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00223{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705348}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00223{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705349}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00223{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946735705349}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946735705349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705349,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705349,"flow_last_seen":946735705349,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705349,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -43,18 +43,18 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy0gAL0RDQ4KAAABPtK0R6rkBB0GBCq4ByYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy0Aub0RMeEKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy4gAL0RDQ0KAAABPtK0R+AzBB0GBPVqByQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy4Aub0RMeAKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAXcFy8gAL0RDQwKAAABPtK0R9AzBB0GBAVtByIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAABQFy8Aub0RMd8KAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739299327}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739299355,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739299355,"pkt":"ZmZmZmZmRERERERECABFAADWguYAADURTls+0rRHCgAAAQQdxzwAwvgJByeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739299356,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739299356,"pkt":"ZmZmZmZmRERERERECABFAADWguUAADQRT1w+0rRHCgAAAQQdzZwAwvGtByOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -63,13 +63,13 @@
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHPpAAL0RYFwKAAABuYbEN5IlIPsCCECUfx8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPkAub0RoXAKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHPsgAL0RfJsKAAABuYbEN4i9IPsGBFEJfxwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHPsAub0RoW4KAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAIcHPxAAL0RYFoKAAABuYbEN+gNIPsCCECUfx0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -79,8 +79,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739304328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAAXcHP4gAL0RfJgKAAABuYbEN9dTIPsGBAJxfx4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304328,"flow_last_seen":946739304328,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304328,"pkt":"REREREREZmZmZmZmCABFAABQHP4Aub0RoWsKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304328}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739304360,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304360,"pkt":"ZmZmZmZmRERERERECABFAADWmUJAADQRblq5hsQ3CgAAASD7xQMAwuTIfxuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739304361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304361,"pkt":"ZmZmZmZmRERERERECABFAADWmUFAADQRblu5hsQ3CgAAASD7kiUAwhejfx+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739304362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304362,"pkt":"ZmZmZmZmRERERERECABFAADWmURAADQRbli5hsQ3CgAAASD7iL0AwiEOfxyAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
@@ -91,8 +91,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -105,10 +105,10 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739304363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304363,"flow_last_seen":946739304363,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304363,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304363,"pkt":"REREREREZmZmZmZmCABFAABQylYAub0RTiIKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304363}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739304367,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304367,"pkt":"ZmZmZmZmRERERERECABFAADWmUVAADQRble5hsQ3CgAAASD76A0AwsG8fx2AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739304369,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739304369,"pkt":"ZmZmZmZmRERERERECABFAADWmUZAADQRbla5hsQ3CgAAASD711MAwtJ1fx6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739304393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739304393,"pkt":"ZmZmZmZmRERERERECABFAADUETlAADQRUHVo7rrACgAAAQG73qUAwDQQZFWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
@@ -123,13 +123,13 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -139,8 +139,8 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739304599,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304599,"flow_last_seen":946739304599,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304599,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304599,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304599}
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739304626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304626,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739304626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304626,"pkt":"ZmZmZmZmRERERERECABFAADPni5AADcRIR\/R+vEZCgAAAQG72uMAuwkd8VSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739304627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739304627,"pkt":"ZmZmZmZmRERERERECABFAADPnjBAADcRIR3R+vEZCgAAAQG7lD4Au0\/B8VWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
@@ -151,18 +151,18 @@
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304628}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":946739304628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304628,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304628,"flow_last_seen":946739304628,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304628,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -178,21 +178,21 @@
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc60FAAL0RYckKAAABMw96+o88AbsCCHDfxkcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739304789}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":946739304789,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739304789,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304789,"flow_last_seen":946739304789,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739304789,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -219,18 +219,18 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":946739305155,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305155,"flow_last_seen":946739305155,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305155,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305155,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305155}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":946739305187,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305187,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":946739305189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305189,"pkt":"ZmZmZmZmRERERERECABFAADSF55AADcRFxGLO8h0CgAAAQG7xJ8Avg\/uc5OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":946739305189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305189,"pkt":"ZmZmZmZmRERERERECABFAADSF59AADcRFxCLO8h0CgAAAQG7uO0Avhuic5GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -244,22 +244,22 @@
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY1AAL0RdEwKAAABwx5eHIhFIPsCCOQQMswBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZYwAub0RtWAKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAIcZY5AAL0RdEsKAAABwx5eHKw9IPsCCOQQMsoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZY8gAL0RkIoKAAABwx5eHNIzIPsGBOBTMskBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZY8Aub0RtV0KAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305192,"pkt":"ZmZmZmZmRERERERECABFAADSF6JAADcRFw2LO8h0CgAAAQG7ktsAvkG1c5CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":946739305192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAAXcZZAgAL0RkIkKAAABwx5eHKz6IPsGBAWJMs0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305192,"flow_last_seen":946739305192,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305192,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305192,"pkt":"REREREREZmZmZmZmCABFAABQZZAAub0RtVwKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305192}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":946739305194,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739305194,"pkt":"ZmZmZmZmRERERERECABFAADSF6NAADcRFwyLO8h0CgAAAQG75zoAvu1Tc5KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":946739305214,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305214,"pkt":"ZmZmZmZmRERERERECABFAADQ+LRAADgRZ3HDHl4cCgAAASD7iEUAvOWBMsyAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":946739305214,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305214,"pkt":"ZmZmZmZmRERERERECABFAADQ+LVAADgRZ3DDHl4cCgAAASD7uvkAvLLLMs6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
@@ -274,10 +274,10 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAIciB1AAL0RGIMKAAABjgTMb6nxAbsCCB1KAg8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -287,8 +287,8 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":946739305219,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305219,"flow_last_seen":946739305219,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305219,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305219,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305219}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":946739305220,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305220,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":946739305220,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739305220,"pkt":"ZmZmZmZmRERERERECABFAADQ+LlAADgRZ2zDHl4cCgAAASD7rPoAvMDLMs2AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":946739305326,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739305326,"pkt":"ZmZmZmZmRERERERECABFAADWg00AADQR55mOBMxvCgAAAQG7zDwAwg0OAg2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -300,21 +300,21 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI4gAL0RUUsKAAABlXBwCpxJIPsGBPr0a\/0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI4Aub0Rdh4KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwI8gAL0RUUoKAAABlXBwCtrWIPsGBLxpa\/sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwI8Aub0Rdh0KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAXcwJEgAL0RUUgKAAABlXBwCqZKIPsGBPDxa\/8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":946739305327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAAIcwJBAAL0RNQkKAAABlXBwCuB5IPsCCMhQa\/4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305327,"flow_last_seen":946739305327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305327,"pkt":"REREREREZmZmZmZmCABFAABQwJEAub0RdhsKAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305327}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":946739305328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305328,"pkt":"REREREREZmZmZmZmCABFAAIcwJJAAL0RNQcKAAABlXBwCti6IPsCCMhQa\/wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305328,"flow_last_seen":946739305328,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739305328,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -324,15 +324,15 @@
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":946739305348,"pkt":"ZmZmZmZmRERERERECABFAABHTCJAADsRLU2VcHAKCgAAASD7nEkAM5Mra\/2AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305348}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305348}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739305348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305348}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305348,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305348}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305349}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739305349}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":946739305349,"pkt":"ZmZmZmZmRERERERECABFAABHIUUAADsRmCqVcHAKCgAAASD7w3MAM2v+bACAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
01141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305349,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739305349,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":946739305350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":946739305350,"pkt":"ZmZmZmZmRERERERECABFAABHTCRAADsRLUuVcHAKCgAAASD7pkoAM4koa\/+AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
@@ -345,13 +345,13 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mAgAL0REzsKAAABrGhdUMbhBaMGBCsUtDYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mAAub0ROA4KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mEgAL0REzoKAAABrGhdUKNIBaMGBE6vtDQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mEAub0ROA0KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAIc+mJAAL0R9vgKAAABrGhdUJWLBaMCCMyOtDUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -361,8 +361,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":946739306241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAAXc+mQgAL0REzcKAAABrGhdUN5GBaMGBBOttDgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739306241,"flow_last_seen":946739306241,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739306241,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739306241,"pkt":"REREREREZmZmZmZmCABFAABQ+mQAub0ROAoKAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739306241}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":946739306433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306433,"pkt":"ZmZmZmZmRERERERECABFAAFbc7kAADgRQ2SsaF1QCgAAAQWjwWgBRx3ktDmBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":946739306434,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306434,"pkt":"ZmZmZmZmRERERERECABFAAFbc70AADgRQ2CsaF1QCgAAAQWj6GEBR\/bstDeBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":946739306434,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"thread_ts_msec":946739306434,"pkt":"ZmZmZmZmRERERERECABFAAFbc7oAADgRQ2OsaF1QCgAAAQWjxuEBRxhutDaBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
@@ -390,15 +390,15 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEYgAL0RIOAKAAABzbl0dJWGAikGBDIonSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEUAub0RRbQKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEYAub0RRbMKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_last_seen":946739311153,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAAXctEcgAL0RIN8KAAABzbl0dNoOAikGBO2dnSgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311153,"flow_last_seen":946739311153,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311153,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311153,"pkt":"REREREREZmZmZmZmCABFAABQtEcAub0RRbIKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311153}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_last_seen":946739311306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739311306,"pkt":"ZmZmZmZmRERERERECABFAADShQAAADIRADHNuXR0CgAAAQIpqggAvpKvnSmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":946739311308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739311308,"pkt":"ZmZmZmZmRERERERECABFAADShP8AADIRADLNuXR0CgAAAQIpl98AvqTWnSuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":946739311310,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739311310,"pkt":"ZmZmZmZmRERERERECABFAADShQEAADIRADDNuXR0CgAAAQIplc0AvqbsnSeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
@@ -414,21 +414,21 @@
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgu8Aub0RmXUKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvEAub0RmXMKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_last_seen":946739311802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311802,"flow_last_seen":946739311802,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739311802,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739311802,"pkt":"REREREREZmZmZmZmCABFAABQgvMAub0RmXEKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739311802}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_last_seen":946739312102,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312102,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_last_seen":946739312103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312103,"pkt":"ZmZmZmZmRERERERECABFAADUhiRAACkR6nU0QeuBCgAAAQG7zq8AwOa1CnGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_last_seen":946739312103,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312103,"pkt":"ZmZmZmZmRERERERECABFAADUhiNAACgR63Y0QeuBCgAAAQG7tOkAwAB9CnCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
@@ -437,22 +437,22 @@
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAIcRf1AAL0RQ8cKAAABMw8+QbOpAbsCCDQmxUkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312105,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312105}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":946739312105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312105,"pkt":"REREREREZmZmZmZmCABFAAIcRgBAAL0RQ8QKAAABMw8+QarCAbsCCDQmxUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312105,"flow_last_seen":946739312105,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312105,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -467,13 +467,13 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbUgAL0RbKUKAAABLZm7YJQCEPcGBM6aMPUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbUAub0RkXgKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbYgAL0RbKQKAAABLZm7YLOjEPcGBK77MPMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbYAub0RkXcKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAIcwbdAAL0RUGMKAAABLZm7YLPvEPcCCKvPMPYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -483,8 +483,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAAXcwbkgAL0RbKEKAAABLZm7YJ4DEPcGBMSXMPcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312132,"flow_last_seen":946739312132,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312132,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312132,"pkt":"REREREREZmZmZmZmCABFAABQwbkAub0RkXQKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312132}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_last_seen":946739312132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312132,"pkt":"ZmZmZmZmRERERERECABFAADZ1M0AADURfjozDz5BCgAAAQG7gvEAxUKLxUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_last_seen":946739312133,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312133,"pkt":"ZmZmZmZmRERERERECABFAADZ1MoAADURfj0zDz5BCgAAAQG7s6kAxRHOxUmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_last_seen":946739312136,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_msec":946739312136,"pkt":"ZmZmZmZmRERERERECABFAADZ1M4AADURfjkzDz5BCgAAAQG77T8Axdg5xUeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
@@ -501,24 +501,24 @@
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02425{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01142{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":946739312286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312286,"flow_last_seen":946739312286,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312286,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312286,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312286}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":946739312399,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312399,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_last_seen":946739312400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312400,"pkt":"ZmZmZmZmRERERERECABFAADUFOlAADYRDaxCVR5zCgAAAQG72lgAwEgMLCyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":946739312401,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312401,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -528,24 +528,24 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":946739312402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312402,"flow_last_seen":946739312402,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739312402,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739312402,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739312402}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":946739312405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312405,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":946739312406,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312406,"pkt":"ZmZmZmZmRERERERECABFAADUFOxAADYRDalCVR5zCgAAAQG7uUgAwGkdLCuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_last_seen":946739312407,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739312407,"pkt":"ZmZmZmZmRERERERECABFAADUFO1AADYRDahCVR5zCgAAAQG7izIAwJc3LCeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -558,13 +558,13 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -574,8 +574,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":946739317403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317403,"flow_last_seen":946739317403,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317403,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317403,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317403}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":946739317428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317428,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":946739317429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317429,"pkt":"ZmZmZmZmRERERERECABFAADXKh1AADMRgj0znqZhCgAAAQG73K4Aw683B2CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":946739317431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317431,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -587,24 +587,24 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc149AAL0RhaAKAAABsDjtq8ijAbsCCGC6smUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_last_seen":946739317432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317432,"flow_last_seen":946739317432,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317432,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317432}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":946739317434,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739317434,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_last_seen":946739317460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739317460,"pkt":"ZmZmZmZmRERERERECABFAADcYmUAADoRvwuwOO2rCgAAAQG7ovUAyPSjsmeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_last_seen":946739317461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739317461,"pkt":"ZmZmZmZmRERERERECABFAADcYmYAADkRwAqwOO2rCgAAAQG71wYAyMCVsmSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
@@ -619,18 +619,18 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAIcwF1AAL0Rvf8KAAABstjJ3s99CAUCCD+NfSUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwFwAub0R\/xMKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF4gAL0R2j4KAAABstjJ3sv9CAUGBG7NfSIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAXcwF8gAL0R2j0KAAABstjJ3pbCCAUGBKQEfSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF4Aub0R\/xEKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAABQwF8Aub0R\/xAKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317462}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":946739317462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317462,"pkt":"REREREREZmZmZmZmCABFAAIcwGBAAL0RvfwKAAABstjJ3uV0CAUCCD+NfSMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317462,"flow_last_seen":946739317462,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317462,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -647,8 +647,8 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -661,10 +661,10 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":946739317496,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317496,"flow_last_seen":946739317496,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739317496,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739317496,"pkt":"REREREREZmZmZmZmCABFAABQbtAAub0RLuwKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739317496}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_last_seen":946739317810,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739317810,"pkt":"ZmZmZmZmRERERERECABFAADSA+ZAAC8R6A0tTHEfCgAAAQG7qwAAvmKSZBWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_last_seen":946739317819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739317819,"pkt":"ZmZmZmZmRERERERECABFAADSA+dAAC8R6AwtTHEfCgAAAQG7yYUAvkQLZBeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_last_seen":946739317819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739317819,"pkt":"ZmZmZmZmRERERERECABFAADSA+tAAC8R6AgtTHEfCgAAAQG76TsAviRYZBSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
@@ -680,18 +680,18 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAIc+3VAAL0Rif4KAAABl1DeT8tIAbsCCDh2XDABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318038}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_last_seen":946739318038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318038,"pkt":"REREREREZmZmZmZmCABFAAIc+3dAAL0RifwKAAABl1DeT5ZvAbsCCDh2XC4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318038,"flow_last_seen":946739318038,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318038,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -706,19 +706,19 @@
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_msec":946739318061,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318061}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":946739318061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318061,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318061,"flow_last_seen":946739318061,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -737,18 +737,18 @@
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739318169}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":946739318169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739318169,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739318169,"flow_last_seen":946739318169,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739318169,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -767,21 +767,21 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L0gAL0RbrcKAAABMw980MM3EPcGBKwyaUIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L0Aub0Rk4oKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+L4gAL0RbrYKAAABMw980JWmEPcGBNnFaUABAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+L9AAL0RUnUKAAABMw980NnYEPcCCHK1aUMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+L4Aub0Rk4kKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAXc+MAgAL0RbrQKAAABMw980JvmEPcGBNOBaUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAABQ+MAAub0Rk4cKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337048}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":946739337048,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337048,"pkt":"REREREREZmZmZmZmCABFAAIc+MFAAL0RUnMKAAABMw980NJ\/EPcCCHK1aUEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337048,"flow_last_seen":946739337048,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337048,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -794,21 +794,21 @@
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337078}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":946739337078,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337078,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00801{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337078,"flow_last_seen":946739337078,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337078,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -827,8 +827,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw6sgAL0RoycKAAABBb2qxOL4AdEGBCbssn4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw6sAub0Rx\/oKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAIcw6xAAL0RhuYKAAABBb2qxJ8sAdECCHNXsoEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -838,10 +838,10 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_last_seen":946739337184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAAXcw64gAL0RoyQKAAABBb2qxOllAdEGBCB7soIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739337184,"flow_last_seen":946739337184,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739337184,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw60Aub0Rx\/gKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739337184,"pkt":"REREREREZmZmZmZmCABFAABQw64Aub0Rx\/cKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739337184}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_last_seen":946739337186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739337186,"pkt":"ZmZmZmZmRERERERECABFAADU4rgAADMRX7Snctx9CgAAAQG7si0AwMTum2iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_last_seen":946739337188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739337188,"pkt":"ZmZmZmZmRERERERECABFAADU4rkAADMRX7Onctx9CgAAAQG76MUAwI5am2SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_last_seen":946739337190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739337190,"pkt":"ZmZmZmZmRERERERECABFAADU4roAADMRX7Knctx9CgAAAQG7srMAwMRrm2WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
@@ -857,21 +857,21 @@
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAIcwiZAAL0R5K0KAAABuf2aQrL3EPcCCBcWY0sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwiUAub0RJcIKAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAIcwidAAL0R5KwKAAABuf2aQqoUEPcCCBcWY0kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwiggAL0RAOwKAAABuf2aQrwfEPcGBB7tY0gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwigAub0RJb8KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_last_seen":946739348756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAAXcwikgAL0RAOsKAAABuf2aQpZSEPcGBES4Y0oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00665{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348756,"flow_last_seen":946739348756,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348756,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348756,"pkt":"REREREREZmZmZmZmCABFAABQwikAub0RJb4KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348756}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":2,"flow_last_seen":946739348800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739348800,"pkt":"ZmZmZmZmRERERERECABFAADTW7dAADkR0Ga5\/ZpCCgAAARD3svcAv+AkY0uBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_last_seen":946739348800,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739348800,"pkt":"ZmZmZmZmRERERERECABFAADTW7hAADkR0GW5\/ZpCCgAAARD3lzUAv\/vqY0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_last_seen":946739348803,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739348803,"pkt":"ZmZmZmZmRERERERECABFAADTW7pAADkR0GO5\/ZpCCgAAARD3qhQAv+kJY0mBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
@@ -887,21 +887,21 @@
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIclaZAAL0RCvoKAAABjgTMb6OnAbsCCB1KEX0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_last_seen":946739348805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348805,"flow_last_seen":946739348805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739348805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739348805,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739348805}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_last_seen":946739348912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739348912,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_last_seen":946739348913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739348913,"pkt":"ZmZmZmZmRERERERECABFAADWoIUAADQRymGOBMxvCgAAAQG751gAwuKCEXyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_last_seen":946739348915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739348915,"pkt":"ZmZmZmZmRERERERECABFAADWoIQAADQRymKOBMxvCgAAAQG7tRsAwhTBEXuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -917,21 +917,21 @@
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":946739380804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380804,"flow_last_seen":946739380804,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380804,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380804}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380804,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380804}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01145{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_last_seen":946739380805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380805,"flow_last_seen":946739380805,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380805,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380805,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380805}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_last_seen":946739380832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739380832,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_last_seen":946739380834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739380834,"pkt":"ZmZmZmZmRERERERECABFAADWpUJAADIRKWDUL+SICgAAAQG7hbQAwuOabd2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":946739380834,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739380834,"pkt":"ZmZmZmZmRERERERECABFAADWpUFAADMRKGHUL+SICgAAAQG7y1gAwp3xbeKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
@@ -950,18 +950,18 @@
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMcgAH4RTqIKAAABVQVd5t8CIPsGBKCC4+8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMcAuX4Rc3UKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMkgAH4RTqAKAAABVQVd5spyIPsGBLUQ4\/EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":946739380984,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAAXcVMggAH4RTqEKAAABVQVd5plbIPsGBOYr4+0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380984,"flow_last_seen":946739380984,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739380984,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMgAuX4Rc3QKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739380984,"pkt":"REREREREZmZmZmZmCABFAABQVMkAuX4Rc3MKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739380984}
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_last_seen":946739381015,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739381015,"pkt":"ZmZmZmZmRERERERECABFAADPeUtAADQRWStVBV3mCgAAASD7tjYAu6OI4+6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_last_seen":946739381016,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739381016,"pkt":"ZmZmZmZmRERERERECABFAADPeUlAADQRWS1VBV3mCgAAASD75kQAu3N24\/KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_last_seen":946739381016,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":946739381016,"pkt":"ZmZmZmZmRERERERECABFAADPeUpAADQRWSxVBV3mCgAAASD7xOMAu5TZ4\/CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
@@ -977,21 +977,21 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYcgAH4R5yEKAAABi2PeSMk1IPsGBMVRmlYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYYAuX4RC\/YKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYhAAH4RyuAKAAABi2PeSLJyIPsCCCyCmlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYcAuX4RC\/UKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAIcBYlAAH4Ryt8KAAABi2PeSOgIIPsCCCyCmlUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":946739391046,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAAXcBYogAH4R5x4KAAABi2PeSMKEIPsGBMwAmlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739391046,"flow_last_seen":946739391046,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739391046,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739391046,"pkt":"REREREREZmZmZmZmCABFAABQBYoAuX4RC\/IKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739391046}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_last_seen":946739391306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739391306,"pkt":"ZmZmZmZmRERERERECABFAADSWtFAACoRyuGLY95ICgAAASD7snIAvm5FmleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_last_seen":946739391308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739391308,"pkt":"ZmZmZmZmRERERERECABFAADSWtNAACoRyt+LY95ICgAAASD7xakAvlsMmlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":946739391308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":946739391308,"pkt":"ZmZmZmZmRERERERECABFAADSWtJAACoRyuCLY95ICgAAASD76AgAvjixmlWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
@@ -1001,13 +1001,13 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -1017,8 +1017,8 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_last_seen":946739396047,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396047,"flow_last_seen":946739396047,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396047,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396047,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396047}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":2,"flow_last_seen":946739396069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_msec":946739396069,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSFhAAH4R+qEKAAABLuPIN4INIPsCCLnwFdMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -1029,18 +1029,18 @@
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFogAH4RFuAKAAABLuPIN4HeIPsGBEfaFc4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFkAuX4RO7QKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFoAuX4RO7MKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSFtAAH4R+p4KAAABLuPIN8RlIPsCCLnwFdEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAXcSFwgAH4RFt4KAAABLuPIN6yBIPsGBB0zFdIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAABQSFwAuX4RO7EKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396070}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_last_seen":946739396070,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396070,"pkt":"REREREREZmZmZmZmCABFAAIcSF1AAH4R+pwKAAABLuPIN8AZIPsCCLnwFc8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396070,"flow_last_seen":946739396070,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396070,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -1060,8 +1060,8 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00602{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAIcKepAAH4Ra14KAAABa6o5Io3vAbsCCGeisy8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
@@ -1074,10 +1074,10 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":946739396111,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739396111,"flow_last_seen":946739396111,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739396111,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739396111,"pkt":"REREREREZmZmZmZmCABFAABQKe0AuX4RrG4KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739396111}
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_last_seen":946739396113,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_msec":946739396113,"pkt":"ZmZmZmZmRERERERECABFAADWzDBAADcRvw8u48g3CgAAASD7wBkAwtmiFc+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_last_seen":946739396210,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739396210,"pkt":"ZmZmZmZmRERERERECABFAADcvzUAADQRYVNrqjkiCgAAAQG71GcAyMwVszGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_last_seen":946739396214,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739396214,"pkt":"ZmZmZmZmRERERERECABFAADcvzYAADQRYVJrqjkiCgAAAQG715EAyMjusy6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
@@ -1097,18 +1097,18 @@
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02428{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":946739400460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00805{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400460,"flow_last_seen":946739400460,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400460,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400460,"pkt":"REREREREZmZmZmZmCABFAABQPTgAuX4RBDoKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400460}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_last_seen":946739400518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400518,"pkt":"ZmZmZmZmRERERERECABFAADQoahAADYRqAK5wX\/0CgAAAQG73pwAvLKe\/I+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_last_seen":946739400519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400519,"pkt":"ZmZmZmZmRERERERECABFAADQoapAADYRqAC5wX\/0CgAAAQG759oAvKli\/I2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":946739400519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400519,"pkt":"ZmZmZmZmRERERERECABFAADQoalAADYRqAG5wX\/0CgAAAQG7w44AvM2w\/IuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
@@ -1126,18 +1126,18 @@
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAIcaQtAAH4RLt4KAAABTUJU6cJEAbsCCGUBspwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00798{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400522,"flow_last_seen":946739400522,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739400522,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739400522,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739400522}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_last_seen":946739400522,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":946739400522,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_last_seen":946739400550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739400550,"pkt":"ZmZmZmZmRERERERECABFAADcDmgAADYREsJNQlTpCgAAAQG7tDwAyK7NspqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_last_seen":946739400550,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":946739400550,"pkt":"ZmZmZmZmRERERERECABFAADcDmcAADYREsNNQlTpCgAAAQG7waAAyKFlsp6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
@@ -1160,15 +1160,15 @@
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":946739402188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402188,"flow_last_seen":946739402188,"flow_idle_time":180000,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"thread_ts_msec":946739402188,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00225{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":946739402188,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":946739402188}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_last_seen":946739402352,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739402352,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_last_seen":946739402354,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739402354,"pkt":"ZmZmZmZmRERERERECABFAADUpqpAADURe3YXb0rNCgAAAQG7rvkAwA7rS8eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":946739402354,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946739402354,"pkt":"ZmZmZmZmRERERERECABFAADUpqtAADURe3UXb0rNCgAAAQG7zzUAwO6vS8aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}

316
test/results/dos_win98_smb_netbeui.pcap.out
View File

@@ -1,21 +1,21 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1576409796586}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796605}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796605}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797101}
00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797101}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -24,316 +24,316 @@
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409798047,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409800348}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409800348}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223}
00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409802083,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811901}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811901}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409812669}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409812669}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409813829}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409813829}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409815308}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409815308}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409817241}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409817241}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409819547}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409819547}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409822253}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409822253}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409825334}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409825334}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409828857}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409828857}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409832716}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409832716}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409836953}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409836953}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844797}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844797}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844798}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844798}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409846177}
00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409846177}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1576409851581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409856181}
00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409856181}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859028}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859028}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_msec":1576409859029}
00518{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_msec":1576409859029}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_msec":1576409859030}
00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_msec":1576409859030}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_msec":1576409859030}
00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_msec":1576409859030}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_msec":1576409859030}
00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_msec":1576409859030}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859031}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859031}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859141}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859141}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859141}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859141}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859529}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859529}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860077}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860077}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860625}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860625}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409861175}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409861175}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1576409861597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409861597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409862195}
00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409862195}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409866206}
00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409866206}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868734}
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868734}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868734}
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868734}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409868736}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409868736}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868736}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868736}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868736}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868736}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_msec":1576409868736}
00507{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_msec":1576409868736}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409868739}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409868739}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868740}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868740}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868742}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868742}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409868742}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409868742}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409868821}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409868821}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409868821}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409868821}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409872653}
00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409872653}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409872653}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409872653}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_msec":1576409872682}
01898{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_msec":1576409872682}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_msec":1576409872683}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_msec":1576409872683}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409872683}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409872683}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409872683}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409872683}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409872793}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409872793}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409873117}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409873117}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409876181}
00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409876181}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409876669}
00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409876669}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876669}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876669}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409876670}
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409876670}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409876703}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409876703}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876703}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876703}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409876703}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409876703}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409876764}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409876764}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876771}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876771}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_msec":1576409882997}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_msec":1576409882997}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_msec":1576409882997}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_msec":1576409882997}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409883083}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409883083}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409883461}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409883461}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409886201}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409886201}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409888477}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409888477}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409888973}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409888973}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409888973}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409888973}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409889485}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409889485}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409890489}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409890489}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409891489}
00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409891489}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409892489}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409892489}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409893317}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409893317}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409894273}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409893769,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409894273}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895177}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409894785,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895177}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895982}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409895741,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895982}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409896865}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409896865}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897721}
00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897721}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897722}
00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897722}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409897781}
00526{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409897781}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409898877}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409898877}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409898877}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409898877}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409898941}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409898941}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409899293}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409899251,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409899293}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903670}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903670}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903670}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903670}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903670}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903670}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409903671}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409903671}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903671}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903671}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903671}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903671}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903672}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903672}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903672}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903672}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_msec":1576409903672}
00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_msec":1576409903672}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409903677}
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409903677}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903677}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903677}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903677}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903677}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903679}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903679}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903679}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903679}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409903679}
00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409903679}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409903737}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409903737}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903738}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903738}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409905957}
00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409905957}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409905958}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409905958}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409906045}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409906045}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409906373}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409906065,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409906373}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908865}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908865}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409908973}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409908973}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908973}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908973}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409909161}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409909161}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409909358}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409909358}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911828}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911828}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911829}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911829}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_msec":1576409912777}
00534{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_msec":1576409912777}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925058}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925058}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925661}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925661}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307}
00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}

188
test/results/fuzz-2006-06-26-2594.pcap.out
View File

@@ -23,8 +23,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1120469556827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_msec":1120469558830}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_msec":1120469558830}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469560833,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1120469560833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469560833,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1120469564839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469564839,"pkt":"ADBUADRWAODtAW69CABFAABIaZYAAIARTbvAqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -45,20 +45,20 @@
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1120469574242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469574242,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469576245}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469574242,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469576245}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1120469578248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469582254}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469582254}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469589080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469589080,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1120469590256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469590256,"pkt":"ADBUADRWAODtAW69CABFAABEaaAAAIARTbXAqAECwKgBAQqcADUAMHpPqtMAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469590257,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1120469590257,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"thread_ts_msec":1120469590257,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120469590259}
01249{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"thread_ts_msec":1120469590257,"pkt":"ADBUADRWAODtAW69KABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhVyBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFsY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4PjEuMjo1MDYwO2xpbmU8OWM3ZDJkYmQ4ODIyMDHhYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXMlcwBzZXJuYW1lPSJ2b2mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120469590259}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1120469590405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1120469590405,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
@@ -85,28 +85,28 @@
00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="}
00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469635042,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"}
00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635044,"pkt":"AODtAW69ADBUADRWCABFJXMAeQpAADkGcQOT6gH9wKgBAgB4CqDlH5YGr53DLFAYY3bTEAAAIC9pbmNvbWluZwktJXMAbmNvbWluZyBGb2xkZXIuIA0K"}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUJXMACABFEBBJeQxAADkGcQGT6gH5wKgBAggVCqDlH5Zir53DLFAYYzaAtgAAIC9vdXRnb2luZwktPiBvdXRnb2luZyBGb2xkZXIuIA0K"}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -115,32 +115,32 @@
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635052,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="}
00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1120469635106,"pkt":"AODtAW69ADBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147}
00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="}
00217{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_msec":1120469635152,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"}
00217{"basic_event_id":13,"basic_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585}
00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1120469663172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469663172,"pkt":"ADBUADRWAODtAW69CABFAABIacgAAIARTYnAqAECwIgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -149,8 +149,8 @@
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1120469666174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469666174,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1120469668178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469672183}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469672183}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1120469680186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469680186,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
@@ -174,13 +174,13 @@
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1120469697462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469697462,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqUAR8a+QNeAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAxWAQAAJxAACwlsb2NhbGhvc3QA"}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120469697466}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120469697462,"pkt":"ADBUADRWAODtAW69CABFAAA+adiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120469697466}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1120469697468,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469697468,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_msec":1120469697621}
00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"thread_ts_msec":1120469697469,"pkt":"AODtAW69ADBUADRWCABFAAIHAAD6ADcRiibU8iEjwKgBAhPEE8QB877qU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDcxIFJFR0lTVEVSDQpGcm9tOiA8c2lwNXZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04fTVhMDBkDQpUbzIgPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWIwNjctMzIwYWQyZGEzDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTluNzA7cnBvZnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTM4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_msec":1120469697621}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -210,13 +210,13 @@
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1120469828958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469828958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469830657}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469828958,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469830657}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1120469831652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469831652,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469833655}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469831652,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469833655}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1120469835658,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469835658,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -228,8 +228,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1120469847667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469847667,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":475,"global_ts_msec":1120469847669}
00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":509,"pkt_l4_len":0,"thread_ts_msec":1120469847667,"pkt":"ADBUADRWAODtAVK9CABFAAHvaiZJAIB4FxjAqAEC1PIhIxPEE8QB25tyUkVmSVNURVIgc2lZOnNpcC5jeWJlckdpdHkyZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTZxJXMAMjticmFuY2g9ejloRzRiS25wMTIzNzU5MDYzLTQ2NGJjMWJiMTkyLjE2OC4xLjI7cpdvcnQNaUZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTc2MDY5ZTQNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+QwpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":475,"global_ts_msec":1120469847669}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1120469847979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469847979,"pkt":"ADBUADRWAODtAW69CABFAABIaicAAIARTSrAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -257,8 +257,8 @@
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469876437}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469875687,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABPai8AAIARTB7AqAECwKgB\/wCJAIkAOluZhQIBEAABWQAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQWNNAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469876437}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1120469877188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469877188,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOajAAAIARTB3AqAECwKgB\/wCJAKkAOluZhQIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNB10FDQUJNAAAgAAE="}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
@@ -269,8 +269,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1120469922894,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469922894,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469924456}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469923705,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469924456}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1120469924897,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469924897,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -308,8 +308,8 @@
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1120469957944,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469957944,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1120469959947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_msec":1120469961950}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_msec":1120469961950}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -329,8 +329,8 @@
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1120469990981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469990981,"pkt":"ADBUADRWAOLtAW69CABFAABIalYAAIARTPvAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_msec":1120470000407}
00619{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1120469994988,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_msec":1120470000407}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1120470002989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470002989,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -400,8 +400,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1120470066201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470066201,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120470066203}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470066201,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120470066203}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1120470066293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470066293,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -448,8 +448,8 @@
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470112342}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470110894,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470112342}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470113337,"flow_last_seen":1120470113337,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470113337,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1120470113337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470113337,"pkt":"ADBUADRWAODtA269CABFAAAlcwAAAIARTLzAqAECwKgBAQrCADUAPKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470114910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
@@ -517,19 +517,19 @@
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470187656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1120470187656,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470187656,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEAlcwDAqAEBwKgBAgA1CscAR96AKPOAAAABAAEAAAAAATFCMAEwAzEyNwdpbq1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470187658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470199678}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470187658,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470199678}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470200673,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1120470200673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470200673,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1120470202676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_msec":1120470204679}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_msec":1120470204679}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470207908}
00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/zT\/\/\/\/\/AODVAW69CABFAFJOarcAAIARkZbAqAECwKgB\/wCJAIkAOlt+hR0BEAABAAAAAABFIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470207908}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470208654}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470208654}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1120470208684,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470208684,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -545,27 +545,27 @@
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1120470219780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470221783}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470221783}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470225789}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470225789}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470233791}
00397{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470233791}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1120470233792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470233792,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_msec":1120470233794}
01441{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233792,"pkt":"ADBUADRWAODtAW69CIBFAANVaMMAAIARFRXAqAEC1PIhIxPEE8QDQYjhSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQL1MuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnA4NTIxMzY5NC00MzBhYTFkZTGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_msec":1120470233794}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1120470233796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470234292}
01442{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470234292}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1120470234792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470234792,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470236795,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1120470236795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470236795,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -596,8 +596,8 @@
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1120470253909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470253909,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470255912}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470253909,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470255912}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1120470259918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470259918,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -611,8 +611,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1120470267925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470267925,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470268921}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470268180,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470268921}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1120470270925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470270925,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -633,27 +633,27 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1120470284936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470284936,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470284937}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470284937}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470298331}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470298331}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470299325}
00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69JXMAAABIauUAAIARTGzAqFwCwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470299325}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470301328,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1120470301328,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470301328,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1120470303331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470303331,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470303562}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470303331,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470303562}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1120470304312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470305063}
00412{"packet_event_id":1,"packet_event_name":"packet","packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470305063}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1120470307336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470307336,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -667,8 +667,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1120470315340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470315340,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470315341}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470315340,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470315341}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1120470315653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470315653,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
@@ -689,8 +689,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1120470344560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470344560,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470344562}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470344560,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470344562}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00885{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -718,8 +718,8 @@
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1120470386610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470386610,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470388613}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470386610,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470388613}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1120470390616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470390616,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00881{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -727,8 +727,8 @@
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470399719}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470398968,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOazwAJXMASxHAqAECwKgB\/wD+AIkAOltshS8BFAABAAAAAAAAIEVGRURFSkZQRUVFUEVOJXMASkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470399719}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1120470402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470402624,"pkt":"ADBUADRWAODtAW69CABFAABEaz0AAIARTBjAqCECwKgBAQreADUAMNT8T+QAAAABAAAAAAAAQTEBMAEwAzEyNwdpbi1hZGQgBGFycGEAAAwAAQ=="}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -737,15 +737,15 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1120470402627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_msec":1120470402627,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_msec":1120470407625}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1120470402627,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_msec":1120470407625}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1120470414647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470414647,"pkt":"ADBUADRWAODtAW69CABFAABIa0oAAIARTAfAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAQhAAE="}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1120470415643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470415643,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470417645}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470415643,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470417645}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1120470419648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470419648,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -761,10 +761,10 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1120470431657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470431657,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_msec":1120470439142}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_msec":1120470439142}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470440137}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470440137}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -785,8 +785,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1120470456151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470456151,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470456152}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470456151,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470456152}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470456286,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1120470456286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470456286,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwKgBAiVzAMQB7c3hU0lQJXMAMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NiBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjN0YWc9M2JmZmNjYw0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5+GVyY2l0cS5kaz47dGFnPTAwLTA0MDkwLTE3MDFiNjUxLTE1YzIzOGNlNg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZUNlaXNlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDYyOTEzNjY1LTQzMGFhMmRhMTkyLjE2OC4xLjINCldXVy0lcwBoZW50aWNhtWU6IERpZ2VzdFNyZWFsbT0ic2lwLmN5YmVyYyVzAEFkayIsbm9uY2VUIjE3MDFiNjM5MTQ4MDVjZDIxMzk1MzZjMDAzMjNkNTgiLG9wYXF1ZT0iMTcwMWExMzUxYjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aCVzAEQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -809,12 +809,12 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1120470473526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470473526,"pkt":"ADBUADRWAODtAW69CABFAABEa2AAAIARS\/XAqAECwKgBAQrkADUAMLnxaukAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470473527}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470473526,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470473527}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_msec":1120470473631}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2157,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"ADBUADRWACVzVG69CG1FAABIa2IAAIARS+\/AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_msec":1120470473631}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470473676}
00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"AODtCW69ADBUADRWCABFACVzAABAADcRiifU8iEjwKgBAhPEE8QB8jJ0U0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc3IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zYTU4MTQxDQpUbzogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWI2ODMtMThlYzGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470473676}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1120470474627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470474627,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -829,8 +829,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1120470490640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470490640,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470490642}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470490640,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470490642}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1120470490782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470490782,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
@@ -840,8 +840,8 @@
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1120470492042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470494045}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470494045}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1120470494127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470494127,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -862,8 +862,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1120470509449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470509449,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470509599}
00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470509450,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470509599}
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -884,8 +884,8 @@
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470636050}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470590283,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470636050}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -919,8 +919,8 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1120470662812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470662812,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1120470663563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470663563,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1120470666317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470666317,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470667069}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470666318,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAFJOXMkAAIARWV3A6AEpwKgB\/wCJAIkAOmgdkVUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470667069}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -959,8 +959,8 @@
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1120470765675,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470765675,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470767678}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470765675,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470767678}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1120470768028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1120470768028,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -977,8 +977,8 @@
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1120470776050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470776050,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1120470777132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470777132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1120470778053,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470779135}
00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470779135}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1120470779409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1120470779409,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
@@ -991,8 +991,8 @@
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1120470781608,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470781608,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1120470782692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470784796}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470784796}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1003,19 +1003,19 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1120470796802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470796802,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470796804}
00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470796802,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470796804}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1120470796941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470797172}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470796941,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470797172}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1120470798172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470798172,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1120470800175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_msec":1120470802178}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2167,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CHdFAABIa6YAAIARS6vAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEXyVzAANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_msec":1120470802178}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1120470806184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470806184,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1120470814186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470814186,"pkt":"ADBUADRWAODtAW69CABFAABEa6gAAIARS63AqAECwKgBAQrvADXTMAi8HBQAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
@@ -1033,15 +1033,15 @@
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1120470817390,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470817390,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470819393,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1120470819393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470823399}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69JXMAAABIa64AAIARS6PAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470823399}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1120470831400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470831400,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1120470831402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470831402,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470831403}
00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470831402,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470831403}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1120470831516,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470831516,"pkt":"ADBUADRWAODsAW69CABFAABIa7QAAIARS53AqAECwKgBAQoIADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1065,8 +1065,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1120470848643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470848643,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470848686}
00798{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_msec":1120470848682,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470848686}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1120470849636,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470849636,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -1074,10 +1074,10 @@
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1120470851639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_msec":1120470853642}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_msec":1120470853642}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470857648}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470857648}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1097,8 +1097,8 @@
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1120470882724}
00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470877496,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1120470882724}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1120470882726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470882726,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1109,8 +1109,8 @@
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1120470885848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69CABFAABIa9MAAIARS37AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_msec":1120470887851}
00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_msec":1120470887851}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1120470891857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470891857,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1144,10 +1144,10 @@
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1120470916875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470916875,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470916876}
00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470916876}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1120470923515}
00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"\/\/\/\/\/\/\/\/AODtAW4zDABFAABOa+AAAIARSm3AqAECwKgB\/wCJAIkAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1120470923515}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470924263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1120470924263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470924263,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1156,8 +1156,8 @@
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1120470950421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470950421,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1120470952424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470954427}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470954427}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1166,26 +1166,26 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1120470966440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470966442}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470966442}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_msec":1120470966443}
01430{"packet_event_id":1,"packet_event_name":"packet","packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\/rAqAEC1PIhIxPEE8QDNtslSU5WSVRFIHNpcDozNTEwNDcyNEBzaXAuY3liZXJraXR5LmRrIFNJUC8yLjANClZpYbcgU0lQLzIuMC9VRFAgMY4yLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTE4ODgyOTgtNDQ4ZTM3NzcxOaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_msec":1120470966443}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":337,"global_ts_msec":1120470966606}
00781{"packet_event_id":1,"packet_event_name":"packet","packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":371,"pkt_l4_len":0,"thread_ts_msec":1120470966601,"pkt":"ADBUADRWAODtAW69CABFAAFla+oIAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":337,"global_ts_msec":1120470966606}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1120470966852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470966852,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470967846}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470967846}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470969849}
00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtASVzAABFAABIa+0AAIARS2TAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABGRzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470969849}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470971072}
00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"\/\/\/\/\/\/\/\/AODtAW69AABFAABOa+4AAIARSl\/AqAECwKgB\/wCJAIkAOlt8hV8BEAABAAAAAAAAIEVGRW9FSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQTVNAAAgAAE="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470971072}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1120470971822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470971822,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470971852}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470971822,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470971852}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1120470975858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470975858,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -1198,8 +1198,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1120470983860,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470983860,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470983861}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470983860,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470983861}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1120470983999,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470983999,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1225,12 +1225,12 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1120470985511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_msec":1120470986363}
00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_msec":1120470986363}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1120470987237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470989238}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470989238}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1240,19 +1240,19 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1120471001245,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471001245,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120471001246}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120471001245,"pkt":"AODtAW4lcwBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120471001246}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1120471001263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1120471001263,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_msec":1120471001405}
00981{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_msec":1120471001263,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_msec":1120471001405}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1120471001714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471001714,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1120471002706,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471002706,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471004709}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471002706,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471004709}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1120471006712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471006712,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1264,8 +1264,8 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1120471018721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471018721,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_msec":1120471018870}
00741{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"thread_ts_msec":1120471018723,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_msec":1120471018870}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1120471019307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471019307,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1292,13 +1292,13 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1120471049334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_msec":1120471051336}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_msec":1120471051336}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1120471053339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471053339,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120471057345}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471053339,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120471057345}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -1325,8 +1325,8 @@
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1120471077370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471077370,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1120471078365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471080368}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471080368}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1120471082371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471082371,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1355,8 +1355,8 @@
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471106433}
00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471094413,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471106433}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}

28
test/results/fuzz-2006-09-29-28586.pcap.out
View File

@@ -1,13 +1,13 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1031854484481}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481}
00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
@@ -17,8 +17,8 @@
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1031854488771,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"}
@@ -32,10 +32,10 @@
01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
@@ -48,10 +48,10 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844}
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAXcFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844}
00925{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":479,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl0lcwCLk5N8CABFAAHRFktVAIAGhKGsFAMFrBQDDQorAFDkqXCFyh06CVAYIo+iDAAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVmdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTpKVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"}
@@ -64,26 +64,26 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143}
00838{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021}
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFACVzAEtAAIAGcJasFAMFrBQDDQotAFDk8Vvgym1xzFAQIjhHEAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXB0OiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0Rm9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IENuDQpVc2VyLUFnZW50OiBTb255inJpY3Nzb25UNjgvUjIwMUENCkFjY2Vw9C1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdqdyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0ibHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2Nja3BzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhJXMAcmRmOmxpPmFwcGxpY2F0aW9uL3ZubC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkZjpCYWc+PC9wcmY6Q2NwcEFjY2VwdD48L3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYt1TogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vUmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIiVzAC0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IEQlcwB1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtJj48cqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854543315,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -95,8 +95,8 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
@@ -122,8 +122,8 @@
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854562790,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"}
@@ -133,8 +133,8 @@
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}

134
test/results/fuzz-2020-02-16-11740.pcap.out
View File

@@ -10,8 +10,8 @@
01324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1528996068129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528996068129,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIMdAAP8RAAAKDEAexuIZNXIQBxQClwAAAQsCj4S+BLJeRUI2j+crsJkatvQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUiUAGgkAADghDQM2NwZbIqDkATUwMzExNDgwMjcxNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RsYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAgAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARMVBoQAAAlAAoKU3RhbmQ5cmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAGCESD0ludmFsQmQgVmFsdWUaHQAAOCETFzQwLjgwNDg4JQAtNzQuMTAyODNVVxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS3TFDXZx6RcHx5Q8nnMq0Ng=="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1528996068284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1528996068284,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996520702}
01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996068284,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996520702}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1528996520912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528996520912,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996521324,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1528996521324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528996521324,"pkt":"AAAMB6xAABRP+4rqCABFAALHIMlAAP8RAAAKDEAexuIZNXIQBwQCswAAAQ0CqzlVBXH\/qH48qbcRRfwKWygaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqKpATUwxjExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbhp0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTBVLWE3LDQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBTUAAAAIGjEAAAAJASthdWRpWS1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -21,18 +21,18 @@
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1528996603395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996603395,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMpAAP8RAAAKDEAexuIZNXIQBxUCxwAABA4Cv7R7V6BSrXIqRSnri9UTMJ0aCnIAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlk3TEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yi0GAAAAAUAGAAAADUEGAAAABlEENTY3BlsiovsaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXSBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhcnVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAAAAIqBgFYQ8k0BgAAAAArBpKpaYo1BgAAAAAvBgAD8PkwBgAY5WwxBgAAAAYuBgAAAewpBgAAAAAfE2YwLTc5LTYwLWQxLTdkLTM3HiUwMC1hNy00Mi1kMC1lMC0wMDpWZXJpem9uV2lGaUFjY2RzcxoMAAAFgwcGwFBKmQ=="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996603490}
00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"thread_ts_msec":1528996603395,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996603490}
01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1528996609526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1528996609526,"pkt":"AAAMB6xAABRP+4rqCABFAANeIMtAAP8RAAAKDEAexuIZNXIQBxUDSgAABA8DQohFBlHb2YvdG6PaZMpxlt8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwATUwMzExFDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmd+CDFjYXNjbwUGAAAACAQGrBQBEAgGrBQBFWEUAED+gAAAAAAAAAAAAAAAAAAAGYhTQlIyQ0zl2aywoICAgICAEYBzAYAUgZ6M7PeDwdzlup3t95Os3O+5mefgAoA7gZiM5pOJ0PCwmaemg8HY6LaZjoiHu7HC7pebreaZ0PCwl5ustpnM4rGXjOz3g8Hc5bqd7feTrNzvuZngEoAOgeXZrLCi7MWgzYCAgICgFZAGgIzA6rWCjCAOVlpXQzJUZXN0TGFiGgwAADdjAQYAAAACLCI1YjIyYTBmZS8wMDo1NjpjZDo2ZDo0Mjo1OS8yMDc9BgAAABMaMQAAAAkBK2F1ZGl0LXNlc3Npb24taWQ9MTBmZjEwYWMwMDAwMDBiM2ZlYTAyMjViLQYAAAABQAYAAAANQQYAAAAGUQQ1Njeqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1528996609592,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996609592,"pkt":"ABRP+4rqcNuYVcUnCABFAACFyc1AAPwRiljG4hk1CgxAHgcVchAAcZmUBQ8AaTuYG1n4ee1Aq0+zAcDNdlwBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3Jrqm9yZywgNWIyMmEwZmUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjA3"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_msec":1528996636106}
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":34816,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996609592,"pkt":"AAAMB6xAABRP+4rqiABFAALbIMxAAP8RAAAKDEAexuIZNXIQBxQCxwAAARACv7qQ3oRQOi6G4UsAlSEouDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwdbIqIcATUwMzExNDgwMDczNjM4MDcyQXdsYW4ubW5jNDgwLm1jYzMxMS4zZ3FwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtM7ceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDA4YjYxY2EzMjI1YiwgNWIyMmEzMWM\/ZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAMzIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFSUAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNHY4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjYRoMAAAFgwcGwFBKmVASAmScZx+R57CcOV54IGggHQ=="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_msec":1528996636106}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528996636664}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"ACAMB6wAABRP+4rqCABFAALHIM1AEP8RAAAKDEA+xuIZNXIQBxQCswAAARECq74dUyV3bJoqzJ\/QFk2VsKcaCiUAV8gOBFVTGgwAAFfIDQZsaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqMcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubX5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpRC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjYxY2EzMjI1YiwgNWIyMmEzMWNRZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMaWIaDAAAN2MBBgAAAAIGBgAAAAIMBgBLBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAB6T051twDphk5XQeM2DLlzAwIAIGU7n6gaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN2YW5kYetkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0oC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEuAAmGnGPS3bgZlyWIVRxyA="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528996636664}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528996636868}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"gBRP+4rqcNuYVcUnCABFAAEw9zBNAPwRXErG4hk1CgxAHgcUchABHM4XAhEBFIZVJWGtUrjkjYJ31AMheaoaCwAAV8gbBVNQQxpuAAABNxA0kHJPpbx8ay85DeRD\/YfvMwI+ldBikhmaYO0o9\/xxLxLcmQJWjN7B7B+dfQVGF8gDCMcRNLOAK5rezWH47eySAtmcrdIo8yMjeGx8MCZsAtT7L4lJowMPwZmfH007sNXtvljXq+BWATUwMzExNGUwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d2+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528996636868}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528996641474}
01181{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528996641474}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996641548,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996641548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_msec":1528996641548,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"}
00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-events-serialized":38,"global_ts_msec":1528996680540}
@@ -44,14 +44,14 @@
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1528996689402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528996689402,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996689587}
00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996689524,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996689587}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996733156,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1528996733156,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":179,"pkt_l4_len":117,"thread_ts_msec":1528996733156,"pkt":"ABRP+4rqcNuYVcUnCABMBACl+GRAAPwRW6HG4hk1CgxAHgcUchAAkfvBCxkAidYnQnH6\/q3z6sD9\/UzPvYgBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzTw4BAAAxFwwAAAwBf\/xQEj4NW9JYKjnp+Qug4VR6j6U="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528996736535}
01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996733357,"pkt":"AAAMB6xAABRP+4rqCAJFAALbINdAAP8RAAAKDEAexuIZNXIQBxQCxwAAARsCv2gdiE+D2K4zEaVWxj6b5vAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqOAATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml4b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpVi1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjg3ZGEzMjI1Yiw0NWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzBAasFAEQIA5WWldDMlRlc3QBYWIaDAAAN2MBBgAAAAIGJQAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQBCATAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGm0AAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGXGdCBMYWIaCwAAV8glBVZ6Vxp3AAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5eBoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASdNdxL4DyCHN8UpXdyQsAbg=="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528996736535}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996736804}
00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996736731,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996736804}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1528996068129,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":9322,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -63,8 +63,8 @@
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1528996990648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996990648,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_msec":1528996997052}
00709{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996996859,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_msec":1528996997052}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -72,17 +72,17 @@
00620{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1528996068129,"flow_last_seen":1528996996859,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10905,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528997003303}
00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997003122,"pkt":"ABRP+4rqcNuYVcUnCAJFAADh+7RAAPwRWBXG4hk1CgxAHgcUchAAzbxOCyQAxZ9vEHep5UhYAk0ZSBfGW2ABNTAzMTE0ODAwcjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MjcvMjE1WEoBAgBIFwEAAAEFAAD\/dHhHt8FXBaLd\/Dz8eGsAAgUAALtgmvoL3QAA9ON0yrW1Z\/uLAQACCwUAACkdfnJp8UtH8QraekvpDSFQErTrf98odpcx7aFbGWQ5MZk="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528997003303}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997012338}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997012137,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997012338}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528997012137,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997023243}
01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997020091,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997023243}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997023501,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1528997023501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528997023501,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/A1AAPwRV93Gohk1CgxAHgcSchAArGNDAysApImnbffn85ODhNvEVYWJb4QBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5HbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NLU6ODA6MDk6NWYvMjE2EiIzMuQ2NCBTdWJzY3JpYmVyIG5vdCBw8m92aXNpb25lZE8HBAEABwBQEhVAqRdhR287TKPkS7q+CkU="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_msec":1528997037997}
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":19456,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997030088,"pkt":"AAAMB6xAABRP+4rqTABFAALbIOpAAP8RAAC2DEAexuIZNXIQBxQCxwAAAS4Cv3+VaWYldnjLTxY8VfGmtUsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqStATUwMzExNDh\/MjgxNTAxNTg5QHdsYW4ubW5jNDgwLm0jYzMxMS4zZ3Bwbm10d29yay5vcmdZAxB+CDVjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODBtODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXPTTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAKLIDwMxGgoAAFfIEAROShoRAABXyBELTHluamh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_msec":1528997037997}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1528997046661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997046661,"pkt":"ABRP+4rqcNuYVcUnCABFAACl\/GdAAPwRV57G4hk1SgxAHgcUchAAkRD9CzAAiXzLxBwubl1wwfS6AWnHLCcBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NCU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEsknsuWEL1cn0K6nAa77dv0="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -94,32 +94,32 @@
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1528997050255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997050255,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="}
01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1528997050383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997050383,"pkt":"AAAMD6xAABRP+4rqCABFAAKrtOpAAP8RAAAKDEAexuIZPnIQBxQClwAAATMCj3XAts8pgtMIwokQgS0z6XQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AJQBbCQlXSVNQUjEwGgkAADghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjR4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAStPdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjFiBAasFAEQSg5WWldDMlBlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAElBBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIGRFWWlcgQzIgVGVzdCBMYWIaCyAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDKYAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMzAyODM5VxoMAAA4IRQGAAABAhpYAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASp1PPp6fzyd7h983G\/yoSHA=="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528997050448}
00563{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/Hc3APwRV2rG4hk+CgxAHgcUchAArOXvAzMApAK5\/vK2WJ8qPE8W1U8CkZoBNTAzMTE0ODAyODE1MDE1ODlAd2xhbg5tbmM0ODAu2WNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZSUANWY6NDU6OTA6MDk6tWYXMjE2EiIzMjc2NGFTdWJzY3JpYmVyIG5vdCBwcm92aXdpb25lZE8HwQEABwBQEvaqqqqqqqqqqqqqqqqqqqo="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528997050448}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997104586}
01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"AAAMB6xAABRP+4rqCABFAALbIO5WAP8RAAAKDEAexuYZNXIQBxQCJQAAATQCv+aa7vRvKm2pJNxjASYcFmMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqTwATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwXVZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdGZzZTNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmJmMGE0MjI1YiwgNTQyMmE0ZjAvZjA6Nzk6NjA6ZDFCN2Q6MzcvMjE4BAasFAEQIA5WWtdDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAHdBBgAAAAZRBDU2TzoCAQA4ATAzMRI0ODAwNzM2MzgQNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3ThbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgxrALTIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VyXmAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPUnRhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASLJHJyWe9KDtsOLUZd3kW6Q=="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997104586}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997104799}
00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/QZEAPwRVsPG4hk1CgxAHgcUchAAzQgPCzQAxXtSKpzAf8BNRiUAokr5DysBNTAzMTE0ODAwN542MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncEhuZXR3b3JrLm9yZyyJNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzclADE4T0oBAgBIFwEAAAEFAACKcjsVwlSKKOJtGmnEM40WAgUAJQAILZ6MsQAAKZLBCeu2GRuLAQACCwUAAJ\/BcysACZ\/4FKr5Z9ZbwGpQEmbTcy3rfjC83itm2j6DCO4="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997104799}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":600000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1528997105304,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3}
00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1528997105304,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997105304,"pkt":"ABRP+4rqcNuYVcUnCABFAAEw\/QtAAPxYVm\/G4hk1CgxAHgcUchABHIJZAjUBFIVrGSOS1oLndVnFKVWnbGoaCwAAV8gbBVNQQxpuAAABNxA068q45YUN\/fhrVdP8LBtW4SmALFtdsWb5hs7\/8\/9n5+eq0Df0PkMMbrFhe6mwiqYImFERNLWmv3lBPH8LOa+rokyY3FJkdnDDQhSYNRCrOtMioCo5aXrsAAJ6j7Kc6YNqYGU8UqSvASgwMzExNDgwMDczUjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNGYwL2YwOjc5OjYwOmQxOjdkOlk3LzIxOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJMzhShZ173Q9M6eXZ8hQzE"}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997109583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3}
01365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1528997109583,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997109583,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPFAAP\/+AAAKDEAexuIZNXIQBxQCswAAATcCq5VZOX5pbnkbLCYZ0nqbgzoaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqT1ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZnBwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2JmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFcwD\/DNAuaveCVbGDkVIwd1IcAwIAIASFDyEaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXiBIGAAAAyRoXAABXUR0RVlpXIEMyIFRlc3QgTGFiGgsAAFdrJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAByOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlJQAaDAAABYMHBsBQSplQElS\/ahHMEatmlfMLiyrCF7k="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997113631}
00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997113424,"pkt":"ABRP+4rqcNuYVcUnCABFAAvh\/SZAAPwRVqNv4hk1CgxAHgcUchAAzU+kCzgAxaY+TEQIBvIbEM8gxwm8HiEBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNSUAMmE0ZjBKZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4T0oBAgBIFwEAAAEFAADPr1+7vG3\/htCZ9485+1faAgUAAJ17h25JOQAAmA0tC\/t4G7mLAQACCwUAAM8TNgqzvAoBwPCLdirLFOVQEinOKpiYJ1ox0+WTuvuhy58="}
00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997113631}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_msec":1528997133564}
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2100,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997114153,"pkt":"AAAMB6xAABRP+4rqCDRFAALbIPRAAP8RAAAKDEAexnIZNXIQBxQCxwAAAToCv+vfrufmnhCXLUg\/JVwSV1oaCkAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqUNATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTA+OlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zEXNzaW9uLWlkPTEwZiUAMGFjMDAwMDAwYmJmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6N7s6NjA6ZDE6N2Q6MzcvMjE4BAasNAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgEAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzNTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjM14xLjNncHBuZXR3b3JrLm9yZxoUIABXyAcOVlpXQzJUZXMtTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoBABBXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBNYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQEAOCESD0ludmFsaWQgVmFsdWUaHQAAOMQTFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcuVjdBoMAAAFgwcGwFBKmVASGDIZZLp6RfMCK\/1DfUENrQ=="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_msec":1528997133564}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997134036,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1528997134036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997134036,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1528997212627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997212627,"pkt":"AAAMB6xAABRP+4p2CABFAALbIPZAAP8RAAAKDEAezuIZNXIQBxQCxwAAATwCvzm9iAIIk1e98ZWWJBeuNcEaCgAAV8gOBCUAGgwAAFfIDQZ3aWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQUNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDlOZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BgasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAQwIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCHAA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGglqAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1528997217637}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997217103,"pkt":"AAAMB6xAABRP+4rqDABFAALHIPlAAP8RAAAKDEAexuIZNXIQBxQCswAAAT8Cqw8xhdF672TCSWbkw5Hj930aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVhATUwMzFJNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbld0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LeoyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BAasFAEQIA5WWldDMlRlc3RMYWIaWAAAN2MBBgAAAAIGBgAAAAIMBgAABUM9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAnIkFwEAAAsFAADyEldFerwQeByQ1kXOElNqAwIAILdGopoaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyGQERVQaEAAAV8gKClN0YW5kYXJkGhBmAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoacAAAV8gRC0x5dGRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMlAFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOTQaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEkID4rD4BVEKK4FucluzaU0="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1528997217637}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1528997221594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997221594,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997221878}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997221594,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997221878}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -136,8 +136,8 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1528997261783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997261783,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997262078}
01258{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997261783,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997262078}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997262272,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1528997262272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997262272,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -151,26 +151,26 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997294665}
01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997294665}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_msec":1528997294874}
00716{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2296,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCPhFAAEw\/yNAAPwRVFfG4hk1CgxAHgcUchABHADcAksBFFLEf\/kOKgAErzLPbpm7axIaCwAAV8gbBVNQQxpuAAABNxA040janeSai176IwGdu20qfHT6JdVX190nBVzQ8vbUeCsV1xduBdcl\/a+H+pp\/9\/XZ2p4RNITv9nAcFfSIQXySxypwJddtE1ldHXfDo7SxndAJGg66ub4EawJGyutGrkBcdNZ\/YktYATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_msec":1528997294874}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997299762}
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997299762}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997307038}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997300431,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQRLAP8RAAAKDEAexpYZNXIQBxQCxwAAAU4Cv5wdq9spC4sVMXMqpc65j64aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqW6ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BCblJ0d29yay5vcmdZAxB+CDFjaXNjL4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYyAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAPYmZiM2E1SjI1YiwgNWIyMmE1YjMvZjA6Nyk6NjA6ZDE6N2Q6MzcvMjJqBAasFAESIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997307038}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1528997311323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997311323,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\/ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLk1jYzMxMS4zZ3BwbmV0d29ydi5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmZiM2E1MjI1YiwgNXIyMmE1YjMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwNbGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQIAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGxFBKmVASgNwWy5gYQ7uGHIUIDaTD8g=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997395223}
01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997394907,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997395223}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1528997399308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997399308,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997399801}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997399604,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997399801}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1528997403593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997403593,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQxAAP8RAAAKDEBuxuIZNXIQBxQCxwAAAVYCv+kKLAd5QTZEtH35XGAZbVIaCgAAV8gOBMFTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqYbATUwMzExNDgwMDczNmM4MDcyQHdkYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQgLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzExMmE2MjI1YiwgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAEBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ZTAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -180,10 +180,10 @@
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1528996068129,"flow_last_seen":1528997404349,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":37428,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476267}
01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476267}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476466}
00607{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"ABRP+4rqcNuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476466}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1528997476761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997476761,"pkt":"AAAMB6xAABRP+4rqCABFAALHIQ9AAP8RAAAKDEAexuIlAHIQBxQCswAAAVkCqxzt3wAE2R1LMmmDUD0Gdm8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwJQAAADghDQM3N0xbIqZkATUwMzExNDgwMjUwODY0NjI4QHdsYW4uVm6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -198,8 +198,8 @@
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1528997632285,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997632285,"pkt":"AAAMu6xAABRP+4rqCABFAALHIRFAAP9wAAAKDEAexuIZNXIQBxQCswAAAVsCq00mnArJWXX+N3JhhZON0ToaCgBDV8gOBFVTGgwAAFfIDQZ3aWZpGg8ACFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqcAATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxNS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNSkeJTZjLaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_msec":1528997632478}
00715{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997632285,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_msec":1528997632478}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -211,8 +211,8 @@
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1528997655006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997655006,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997655347}
01256{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997655006,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997655347}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1528997655528,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997655528,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -227,10 +227,10 @@
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528997663992,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1528997663992,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997663992,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997664564,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997664794}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997664794}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997683254}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"AAAMB6xAABRP+4rqCABRAALbIRRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAWICv9GcOA+HA3ZCcU+zBYarldEaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXMlNQUjEwGgkAADghDQM4NwZbIqczATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUyLTAwOlZlchR6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAzdhdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMlE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNMcHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3Rhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997683254}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1528997683490,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997683490,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -238,8 +238,8 @@
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1528997683835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997683835,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997687969,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1528997687969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997687969,"pkt":"ABRP+4rqcNuYVcUnCABFAADhBApAAPwRT8DG4hk1CgxAHgetchAAzW6NC2QAxZQNQW9gM5ZAoOSO4YFP3T0BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAABnRC75Yur1ZFj3fN3BeW98AgUAAFegbuvq5gAA\/FNfCuUdMLiLAQACCwUAAJwUGRbAWowbz35Ho4OQS4FQEj0VhwwOXHKZf7fI3xH\/2bM="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1528997692784}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997692462,"pkt":"ACUAB2ugABRP+4rqCQBFAALHIRlAAP8RAAAKDEAexuIZNXIQBxQCswAAAWcCq6p8EPt1JA7lQ+Db9yRaDGkaCgAAV8gOBFVTGnAAAFfIDQZ3aWZpGg8AAFfICSlXSVNQUjEwGgkAADghDQM5NwZbIqc8ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLUkwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAIJASthdWRpdC1zZXNzaW9uLWlkJQAwZmYxMGFjMDIwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQII5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGIQAAAAIMBgAABRQ9Bk0AABNABgAAAA1BBgAAAAZRBDU2TyYCAnEkFwEAAAsFAAB5qZtl7jXBbH7Ivr+LWOj2AwIAIKwexEUaFAAAVsgHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJgwBXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXwB0RVlpXIEMyIFRlc3QgTGFiGgslAFclAAVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWj1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSolQEnRJIAwgdOVHaEimFKQwq+M="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1528997692784}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528997764910,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1528997764910,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997764910,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIRtAACUAAAAKDEAexuIZNXIQBxQClwAAAWkCj2WOGagJIQ3h2c\/0kWBqo7IaCgAAV8gOBFVTGgwAalfIyQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqeEATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jY6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -260,16 +260,16 @@
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1528997777144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997777144,"pkt":"AAAMB6xAABRP+4rqCABFAALHISdAAP8RAAAKVCUAxuIZNXIQBxQCswAAAXUCq0+RGyL6qp4kGgBnV02AqO8aCgAAV8gOBFVzGgwAAFfIDQZ3aWZpGg9zAFfICQlXSVNQUjEwGgkAADghDQM3NwZbItKBATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJWwwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZBMGFjMDAwMDAwYzg4a2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyZ1AgAkFwEAAAsFAAB4gbzVxbw2lh1ax6mZCkrRAwIAIEu4WjAaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABNyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFBlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghTwYAAOsAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEiPn8\/WrP4cXVwKHtEGPFQc="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997777328}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997777144,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997777328}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997778442}
00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"ABRP+4rqcNuYVcUnCABVAADABUNAAPwRTqjG4hk1CgxAHgcUchAArF9UA3cApCAevq4tL8m2+S5T0IZH68wBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEqtx8kLAbqN4aRfnk10cKJs="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997778442}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997780932}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"hQAMB6xAchRP+4rqCABFAALbISpAbP8RAAAKDEAewuIZOHIQBxQCxwAAAXgCv4kwEW0JCeMao3TRk2O0OJUaCgAAV2QOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeUATUwMzExNDgwMDczNjM4MDclAHdsYW4ubW5jNE8wLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZEwtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjAAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgABAAIMBgAABRQ9BgAAACUABgAAAA1BBgAAAAZRBDU2TzoCAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997780932}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997781425}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997781139,"pkt":"AAAMB6xAABRPU4rqCAAXAALHIStAAP8RAAAKDEAexuIZNXIQBxQCswAAAXkCq1Vl1UpA6lxXEhEbxa4HRw8aCgAAV8gOBFVTmgwAAFfIDQZ3oGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeVATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZjEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzAgYAAAAIGjEAAAAJASthdWRpdC1zZXMlAG9uLWlkPTFlZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMlADA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAABKHBPmGtNtIJzGpfhqB3eGdAIAIFrsFJ8aFAAAV8gHDlZaV0MyVGVzdExhYlUKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaJQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADgh8hc0sS44MDQ4ODJOLTc0LjEwMjgzqlcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAI4NQAAOCEWJFN0YWRpdW1EaXJlY3QaDAAABYMHBtxQSplQEsG70Fu7iBnc6ge0pZ5Q5mQ="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997781425}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997826378}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997781611,"pkt":"AAAMB6xAABRP+4rqCADLAALbISxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAXoCv21LVaoOFlJlDTVaO4Jse+QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqfCCTUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jrzgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLXkwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWl2PTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMvxlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAA8yESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDhvMk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IR0GAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASlj6j0uJ92nAXwxDVWGMfUg=="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997826378}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1528997829855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997829855,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\/ICQlXSVNQUjEwOgkAADghDQMyNwZbIqfFATVRMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vc2dZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzZG9uLWlkPTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgC7AAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLkVyZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFahoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgYzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWUgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMeQA4IRQGAAABAhoMAAA4IRUzAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASDRiCmnK8XecKtcjM1khyyg=="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -283,15 +283,15 @@
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":128,"flow_first_seen":1528996068129,"flow_last_seen":1528997833636,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":55818,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997839248}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997833703,"pkt":"AAAMB6xAABRP+4rqCABFAALbITKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997839248}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1528997839322,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997839449}
01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997839449}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997839511}
00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997839511}
00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1528997867612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997867612,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBqNAAPsRTmPG4hk1CgxAHgcUchQAkRggC4IAiUKdIcJOOZHCxHzP96o9900BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZy4gNWIyMvo3Y2YvYjA6OWY64mE6NGE6MGU6N2UvMmgzTw4BAAAMFwwAAAwBf\/xQEmqru8HGcXlY8CXWo9RL+sk="}
@@ -306,12 +306,12 @@
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-events-serialized":308,"global_ts_msec":1528997988607}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838}
00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838}
00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240}
01252{"packet_event_id":1,"packet_event_name":"packet","packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"AAAMB6xAABRP+4olAABFAALHITdAAP8RAAAKDEAexuIZNXIQBxQCswAAAYUCq1+INwexFZhfJQDfuQscp+waCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqhlATUwMzExNDgwMDczNjM4MDcyQHdsYW4QbW5jNDg2Lm1jYzMxMS5EZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAAGjEAAAAJASthdWRpdC1zZXNzae9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1YiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABZU9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAqyk7MPy+\/53EGG8G21R64AwIAIEnDCioaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyEgERVSpEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0Q0xhYhoJAADXyA8DMRoKAABXsBAETkpHEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaNQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbCUAIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQElQJdBGjY0wxqxPERz7qHjo="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997989461}
00710{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997989461}
01319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1528997997929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"thread_ts_msec":1528997997929,"pkt":"AAAMB6xAABRP+4rqCABFAAKlIThAAP8RAAAKDEAexuIZNXIQBxUCkQAABIYCiWTbrkYoE6dP3NRell25+W4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzkBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1Yi0GAAAAAUAGAAAADEEGAAAABlEENTY3BlsiqG0aFAAAV8gHDlZaV0MyVEMkdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExdHMC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUaAAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAVAAEfE2YwLTc5LTYwLWQxLTdkLTM3HiUlAC1hNy00Jaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1528997998006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528997998006,"pkt":"ABRP+4rqcNuYVcUnCABFAACF2NZAAPwRe0\/G4hk1CgxAHgcVchAAcWngBYYAafOBk\/MbbTEmOF2SETjhcxsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0"}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -348,8 +348,8 @@
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1528998257171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998257171,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\/QjF2fWlNBdxlblaWkTeyMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2bzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAlAEZjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGmwAAFfIEAROShoRAABXyE0LTHluZGh1cnN0GgwAAFfIEgYAAAjJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNjEaDAAAOCERBgAAAEIaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCFMFzQwLjgwNDg4Mk4tN3kuxzAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS4SWykyhQ3NEVyrk907GZpA=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1528998257238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998257238,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_msec":1528998257392}
01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998257238,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_msec":1528998257392}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1528998257456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998257456,"pkt":"ABRP+4rqcNuYVcUnCABFAADAC6FAAPwRSEHG4hk+CgxAHgcUchAArH\/HA5UApDEA20uf1YbOtjZ3cBjhL8UBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjczExLjNncHBuZXR3b3JrLm9yZywwNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG53dCBwcm92aXNpb25lZE8HBAEABwBQEiTxEJAlgr8Mmnu4S7XiSkM="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1528998260755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998260755,"pkt":"AAAMB6xAABRO+4rqCABFAALbIUZAAP8RAAAKBkAexuIZNXIQBxQCxwAAAZYCv2ld+75N6br3Aseqn5DA044aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2N2hbIql0ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNVctNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6ZTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1qBgAAAAZRBDU2TzoCAQA4AzAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjYjExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaQQAAV8gLClS8c3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAgFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQQAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS7YR7iU74FmJPxnRlVfzqUQ=="}
@@ -357,70 +357,70 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1528998260831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998260831,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998260959}
01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998260959}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1528998261024}
00563{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"ABRX+4rqcNuYVcUnCAhFAADAC7dAAPwRSDTG4hk1CgxAHgcUchAArEQCA5cApOyxS9lHKp\/iE8OGfXn5m7UBNTAzMTE0ODAwODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEvCuKaRJ36jDL+AkcQNYHtM="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1528998261024}
00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1528998279670}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998279600,"pkt":"gBRP+yUAcNuYVcUnCABFADClC+NAAPsRSSPG4hk1CgxAHgcUchAAkf3TC5gAiaqvlSxwmtnYRSbHVUGZo3ABNTAzMTE0ODA0MzI2MDg1ODabd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEnv5mqy\/X1rSPl3U34VdPzc="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1528998279670}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1528998279797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998279797,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\/YsIaCgAAJQAOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIq2HATUwMzExNDgwNDMyNjA4NTg2QHNsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlaNcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDA4N2E5MjI1YiwgNWIyMmE5ODcvFWM6MWQ6ZDk6NTM6MGM6OWIvMjM5BASsFAEQIA5WWldDMlRlc3RMYWIaDPYAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyCoKU3RhbmRhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998285403,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1528998285403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998285403,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998285592}
00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998285529,"pkt":"ABRP+4rqcNuYVcUnCABFAADADBdAEPwRR9TG4hlFCgxAHgcUchAArDMCA50ApI8fGqCVnysbmexp5ciWlfwBJTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5EiIzMjc2NCBTqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998285592}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1528998307737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998307737,"pkt":"ABRP+4rqcNuYVcUnCABFAADhDH5AAPsRSEzGBwk1CgxAHgcUchAAzRApC54AxbiGAVeQd4nw9IQcbiUA5zoBNTAzMTM0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3T0oBAnZIFwEAAAEFAAD4l2tdy6yk\/88l9cpE8l40DAUAACRoRug2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1528998308061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998308061,"pkt":"AAAMB3BAABRP+4rqCABFAALHIU9AAP8RAAAKDEAexuIZNXIwBxRDswAAAZ8Cq9PofZmSNOhQyNOgaRsyJ1QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNYUjEwGgkAADghDQMwNxZbIqmjATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b243aUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkczEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6JQA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDhFRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADqGOBIENmf79hbM4GZs1ZYAwIAIJdiOR0aFAC4V8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhBhAFfICwpUZXN0IExhYhoJAABXyA8DMRoKpwBXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaHJlY3QaDAAABYNHBsBQSplQEuURqTNatQDGcJFc00xUIbY="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_msec":1528998308249}
00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_msec":1528998308249}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998308483}
01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\/i0glgkXqR4abyMOyu1FuUaCgAAV8gOBFVTGgwAAFfIDSUAaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqmkATUwMzExNDgwNDMyNjA4NTg2QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpLi1zZXNzaW9uLWl0PTEwZmYxMGFjMDAwMDAwZDFhNGE5MjI1YiwgNWIyMmE5YTQvNWM6MWQ6ZDE6NTM6MGM6OWIvMjQwBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABFABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODA0MzJoMDg1ODbWd2xhbi5tbkM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhdWQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZCUAbURpcmVjdBoMAAAFgwdbwFBKmVAS3DaqxzVlY8YVdJMYTWA\/Jw=="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998308483}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1528998314309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998314309,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998314512,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1528998314512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998314512,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998315379}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"AAAMB6xAABRPC4rqCABFAHfHIVdAAP8RAAAKDEAexuIZNXIQBxQCswAAAXcCq7birWrbSCR0XX2ECsyLDxcaCgAAVcgOBFVTGgwAAFfIDQZ3aWZp7g8AEFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqmrATUwMzExNDgwMDczNlA4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998315379}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_msec":1528998315564}
00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17152,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"ABRU+4rqcNuYVcUnQwBFAAEwDOpAAPwRRszG4hk1CgxAHgcUchABHIc+AicBFAVYRP7z9BnlCK2x3nMNu9caCwAAV8gbBVNQQ\/1uAAABNxA0lSfZbnfLLhoh4+5ALjW4bpaGB\/F5lLUmaXWeOTpERaZCygHBXW8G5d8wRSUAsOoyXuERNO7GEB2l9DfyYkq5gsPl9gYDdVKWsTzavhi3cpWL4d4hWImwBdGLigMB9OjFS4NJg5i2ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29iay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBKDY\/Qv9KooB2GY4bCH4+IC"}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_msec":1528998315564}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528998323044}
00606{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528998322857,"pkt":"ABRP+0zqcNuYVcUnCABFAAAlAL1AEPwRRw3G4hk1CgxAHgcUchAAzTbHC6gAxWfYqv2MMmfQQQEjLJV5MYwBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA3T0oBAgBIFwEAAAEFAAASnKqRiXtNkJ7pl81Lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528998323044}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998323568}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"ABRP+4rqcNsYVcUnCACOAAEwDMFAAPwRRrrG4hk1CgxAHgcUchABHN46AqkBFC7XsmGo9thH1H39z75ZofsaCwAAV8gbBVNQQxpuAAABNxA01fgke7cAxvNUQc8fbhbu8Vj1f4ydqDyFV6zE3SwbdURor5DaN1W5275SM8SlmfBSLKIRNMdp\/4Zs6S04Xowx3iRvmA3n8taa5E4m8wpB3etCd2VzmAkdeZLlem0oTIzBlWNTWH1RATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jSzgwLm1jYzMxMS4zZ3BwbmV0d2Vyay5vc04sIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLs7b4ERJr4qPbI12xbGqC0"}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998323568}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998338204}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998338204}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1528998338382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998338382,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998338865}
00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998338865}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998342492}
01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"AAAMB6xAABRP+4rqCABFAMrbIVxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAawCvx+brty2uhj+WwEK9jJ7XPQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICSUASVNQUjEwGgkAADghDQM0NwZbIqnGATUwMzExNDgwMDczNjM4WTcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vciUAAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlQml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIycmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAgAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm8lABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgXGVZdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998342492}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998342974}
01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998342683,"pkt":"AAAMB6xAABRP+4rqCABFACUAIV1AAP8RAAAKDEAexuIZNXIQBxQCswAAAa0Cqyd5am7x7at665a6XdQ818IaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADhEDQM0NwZbIqnGATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZiAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkSzEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFGYQIA5WSldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAIAsFAACkCLiSdrciiCUA2Lhjf5WeAwIAIFh8yjsaFAAAV8gHDlZaV0My1GVzdExhYhoKAABXyAgERSUAEEYAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998342974}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1528998346991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998346991,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1528998347284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998347284,"pkt":"AAAMB6xAABRP+4rqCABFAALHIV9AAP8RAAAKDEAexuIZNXJpBxQCswAAAa8Cq915o4ky+NTjcjv0F1wXmegaCgAAV8gOBFVTGgwAADHIDQZ3aWZpGg8AAFfICRlXSVNQUjEwGgkAADghDQM0NwZbIqnLATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDEjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQw72UwLTAwOlYlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjaTAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NSUAZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3UwasFAEQIA5WWldDMlRlc3SHYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAA+8R0Z7LSWHOP9VffmhYCuAwIAIG5bieAaFAAAV8gHDlZaV0MyVGVzdExhahoKAABXyAgERVQaEAAA+8gKClN0YW5kYXJkGhAAAFfICwhUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkpiEQAAV8gRC055bmRodXJzdBoMACU4yKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998347461}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998347284,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998347461}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1528998372930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998372930,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWBAAP8RAAAKDEAexuIZFXIQBxQCxwAAAbACvzQe93K2s3Upjyh7NVxn+MAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqnkATUwMzExNDgwMjMyNTY4NjMxkHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGggAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDDyMDAw\/jJtNGE5MjI1YiwgNWIyMmE5ZTQvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAQAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzcCAQA4ATAzMTE0ODAyMzI1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAclAFpXQzJUZXN0TGEiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGlAAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWld0QzIgVGVzdCBMYWIaCwAAV8klBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOG4RBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bbJpcmVjdBoMAAAFgwcGwFBKmVASj8JRxOD8ARCA2Tk5GozLCQ=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998557316}
00526{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998557233,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998557316}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -447,16 +447,16 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998576181,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1528998576181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998576181,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="}
01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1528998576307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998576307,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\/C0gFa8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwAWEwMzExNDgwMDdhMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWQ6YmE6NGE6MGU6N2Uvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998576381}
00564{"packet_event_id":1,"packet_event_name":"packet","packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998576307,"pkt":"ABRP+4rqcNuYVcUnCABFAADAD7hAAfwRRDPG4hk1CgxAHgcUchAArCnlA7cApDiN+d11wTNhp6tcCWDiFuUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzEiIzMjc2NCBTdWJzYydpYmVyIG5vdCBwcm92aXNpb25lZEcHBAEABwBQEmSUFMWhON8\/wqCGcP\/+Ta0="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998576381}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998584808,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1528998584808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998584808,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWZAAP8RAO05DEAexuIZNXIQcRQCxwAAAbgCv9zxrJZG2dsJ+s9nZZp6aFsaCgAAV8gOBFVTGgwAAFfIDQYlAGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq4ATUwMzExNDgwMjUwODY0NjI4AXdsYW4ubW5jNDgwDm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNTkeJTZjLWIyLWFlLThlLTMxLTgwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPbEwZmYxMGFjMDAwMDAwY2M3OGE4MjI1YiwgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1BAasFAEQIKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1528998585019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998585019,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453}
00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453}
00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-events-serialized":460,"global_ts_msec":1528998601376}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -466,10 +466,10 @@
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998636010,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1528998636010,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998636010,"pkt":"ABRP+4rqcNuYVcUnCABFAAClEJJAAPslAHTG4hk1CgxAHgcUchAAkT3yC70AiXLX5bK1bcbjOxq4bylP028BNTAzMTE0ODAyMxg1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZyxiNWIyMmFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1Tw4BAAAMFwwAAAxRf\/xQEvTT2\/+5xTPwYXYdoAWLt9A="}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_msec":1528998636143}
01218{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998636010,"pkt":"AAAMB6xAABRP+4rqCBBFAAKrIWxAAP8RAAAKDEAexuIZNXIQBxQClwAAAb4Cj8yIFnOZ6cZavy+ov11X2XMaCgAAV8gOBKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_msec":1528998636143}
00200{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_msec":1528998639586}
01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998639447,"pkt":"AAAMB6xAABRP+4rqWABFAAKrIW5AAP8RAAAKCEAexuIZNXIQBxQClwAAAcACj3BXfw4b3GMlZswG9bQoL7gaCgAAV8gOBFVTGgwAAFfIDQZXaWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqrvATUwMzExNDgwMjMyNTY4NjMxQHdsYW4ubW5jNDkwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLXAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJESthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDZlYmFhMjI1YiwgNWIybWFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2T2cCAAAIbQwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhdWAFfIHRFWWlcgQzIgVGVzdDdMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERcAAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZHVbxXaB7Y4HBclkU5O1hA=="}
00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_msec":1528998639586}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}

6
test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
View File

@@ -1,9 +1,9 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":18448697704865147}
00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_msec":18448697704865147}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00259{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_msec":18448697704865147}
00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_msec":18448697704865147}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_msec":18448697704865147}
00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":18448697704865147}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0
@@ -19,4 +19,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 229 chars
~~ json string max len.......: 495 chars
~~ json string avg len.......: 366 chars
~~ json string avg len.......: 363 chars

4
test/results/fuzz-2021-10-13.pcap.out
View File

@@ -1,7 +1,7 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":980658803882}
00203{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_msec":980658803882}
00532{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":197,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="}
00203{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","datalink":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_msec":980658803882}
00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":980658803882}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0
@@ -17,4 +17,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 208 chars
~~ json string max len.......: 537 chars
~~ json string avg len.......: 386 chars
~~ json string avg len.......: 366 chars

20
test/results/http-crash-content-disposition.pcap.out
View File

@@ -1,23 +1,23 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492518365663}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00919{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":480,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":480,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\/c29uZ2lmeV9hPTNoMjQ4Zklid0ombmV3IEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMjIwDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PTV2N0xoYm5hMnJld0hyajBlX0Y4d3IwV0FWVHBZOTNFVDlpUUhEeQ0KSG9zdDoga2h1LnNoDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQoNCi0tNXY3TGhibmEycmV3SHJqMGVfRjh3cjBXQVZUcFk5M0VUOWlRSER5DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImlzYW5kcm9pZCINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VUy1BU0NJSQ0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdA0KDQox"}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN0QAAtBpq1roEACsCoAGcAUMfjkVcfa3tFqxuAEAB6YXsAAAEBCAoroVwyABR97g=="}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN1QAAtBpq0roEACsCoAGcAUMfjkVcfa3tFq0qAEAB6YUsAAAEBCAoroVwzABR97g=="}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
02271{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMkpwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
01585{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"}
00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":21,"global_ts_msec":1492518365968}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9/0
@@ -33,4 +33,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 201 chars
~~ json string max len.......: 2276 chars
~~ json string avg len.......: 1216 chars
~~ json string avg len.......: 1195 chars

18096
test/results/ip_fragmented_garbage.pcap.out
View File

File diff suppressed because it is too large Load Diff

6
test/results/ipv6_in_gtp.pcap.out
View File

@@ -1,10 +1,10 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1536839120404}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536839120404}
00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"}
00188{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536839120404}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1536840494424}
00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536840494424}
00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="}
00188{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536840494424}
00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1536840494424}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/0
@@ -20,4 +20,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 193 chars
~~ json string max len.......: 496 chars
~~ json string avg len.......: 345 chars
~~ json string avg len.......: 341 chars

22
test/results/ja3_lots_of_cipher_suites.pcap.out
View File

@@ -1,27 +1,27 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1557818846743}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846743}
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846743}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846744}
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAADQAAEAAPQZjHQrOQfkKzoMSAbvlIcEFrEzOLtYBgBI5CGLyAAACBAW0AQEEAgEDAwc="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846744}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846771}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDSkAAPwad3grOgxIKzkH55SEBu84u1gHBBaxNUBAchMBIAAAAAAAAAAA="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846771}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
01439{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":866,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":866,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAA0zDS0AAPwaauQrOgxIKzkH55SEBu84u1gHBBaxNUBgchP+6AAAWAwMDHwEAAxsDA7MBwRcglDZhL6NP+OfprwtR2a2+EN2bALWxOtNOmOORAAK8AA8AxQCVwJHADcCrwH8AEQDDACXAhwCPAKvABMCZwEoAO8wU5BQAwcCbACbAaQCzALHAJACUAEMARcBlAD3AosBXAI3AEwAZABcAaeQbAGTACswV5BkApQApwD7AW8B0zBPAXAASwBfAhQAnABMAnQCZAAsAiQABACLAlcCBwAvAOcBmwCPkEwCHAG3AGMBjABrkEAA1wDAAKMB+wCAAOMCfACwAMcAvALUALsBfwG\/ALsCYAAMAmwACAC\/AP8AcAJfAKgC3AD7AgwCgwAcAhsAtwFIAkgAGwCEANABqADnAZAAMAGAAgMAdwIrAdsARwKUAhABBAAgArsAywHzARcCcALvATgA2ALwAYgC4AKjAfQAUAJYAkcBgwKfAVcBw5BYAQgBhwAXAPcBZwAkAaAC5wB8AZ8CeAGbAcsA2AKYAhQCwwFEAgsCQwDzkHsCgwBQAjgCT5B\/AqgCpAIHAqMBHAAQAEMADwFjApMAxAEvAFeQVAIgAvgCawAIArMA1wGcAScA4AAkALQC9wGHkHcBPAGvAOwBHABsAp8BQwJLAG8BaAEDAegAgAIMAo8BewEbAFsASAJDAEACfAK3AYsBtwIDAe8CIACsAnAANwCUAMMCWwCzAhMBsAAXATcBqwKHAGQCY5BfAVAAWAB7AKMB5wIbAmgBjwFbAjwBMwEzAncAzACPAa8ABAKrAdwCkAKHAeADEwCLAjsA6AD8AbABKwAgAMsCpADrAQAAHAMLANMCmwHHAGsCLAEYAPAAzAL\/AK8AnAKLAS8BTACTADsBIAETAHsBEAB\/kGMCNALoAtgC05BrABsBCwEnAQwCK5BIASAAKAIsANwAVAMAAnsCCwIzAJsAPAGUAjMCJwKPAcwAqwG7AXcBoACHAlwCywDfkHMApwJMAr8B1wEEAAAAOwAzAlOQRABgA\/wEAADYACgAGAAQAFwAYAA0AIAAeAgEDAQQBBQEGAQICAwIEAgUCBgICAwMDBAMFAwYDAAsABAMAAQI="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoA0AAPQZ7JQrOQfkKzoMSAbvlIcEFrE3OLtklUBAAf9kpAAAAAAAAAAA="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
02320{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBEAAPQZ1cArOQfkKzoMSAbvlIcEFrE3OLtklUBAAf4KWAAAWAwMAMQIAAC0DA6eY8O1X3X3mQxpK5jBthKXbggXTdMEwSebU\/C3eGyaMAABFAAAF\/wEAAQAWAwMKsAsACqwACqkABa0wggWpMIIEkaADAgECAgRcADaSMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxEjAQBgNVBAcMCVJvY2hlc3RlcjEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xKzApBgNVBAsMIkdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMMKFhlcm94IEdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgxMTI5MTg1NzIyWhcNMjMxMTI5MTg1NzIyWjCBsjELMAkGA1UEBhMCVVMxFDASBgNVBAgMC0Nvbm5lY3RpY3V0MRAwDgYDVQQHDAdOb3J3YWxrMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjEmMCQGA1UECwwdR2xvYmFsIFByb2R1Y3QgRGVsaXZlcnkgR3JvdXAxGDAWBgNVBAMMD1hSWDlDOTM0RTk0OUZFRjEdMBsGCSqGSIb3DQEJARYOdXNlckB4ZXJveC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOO4XBzGAsvXAUZCvKlNS0ZkTg4CPeXJP+nJVRYA6XFVgcCBzykrSHCu0Y5U7SEcAp8qNsaTFqksYnK\/LydYXDbB8hopOYrLt9CybGPHIgOHFLqHcR7AQGMPPsqNseCPbVxC9MxESLkuuP6C+psPTMgU3We8QQepVTiTwRPkjbRt2ckXJmlv9RVwBZJw5H9Kj67ioINRaF7pzZa8+WXvRU7yezlug0Rzfp5ecju0QBU4VVZe3xUzfdZWz\/fJSPmAHkTaC2YSiwkocYvBT4zICg1P1PoEDtqIqZeii6N1m0v6iOX9IqiHmzg62Idlf1UVl5TDJNOjjpoWiNOg8STnRAgMBAAGjggHFMIIBwTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwID6DARBglghkgBhvhCAQEEBAMCBeAwJwYJYIZIAYb4QgENBBoWGFhlcm94IERldmljZSBDZXJ0aWZpY2F0ZTBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMIHgBgNVHREEgdgwgdWkgbUwgbIxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9yd2FsazEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xJjAkBgNVBAsMHUdsb2JhbCBQcm9kdWN0IERlbGl2ZXJ5IEdyb3VwMRgwFgYDVQQDDA9YUlg5QzkzNEU5NDlGRUYxHTAbBgkqhkiG9w0BCQEWDnVzZXJAeGVyb3guY29tghVYUlg5QzkzNEU5NDlGRUYubG9jYWyHBArOQfkwHQYDVR0OBBYEFMmJGzBJIOsjLFdZLeXCDp3CSY16MB8GA1UdIwQYMBaAFA5YSZ0ji1KMbT2VVkZ5iGGFcfkbMA0GCSqGSIb3DQEBCwUAA4IBAQB80KwxdBQ2CUwzB3yhxrGfnJ\/+Rn876RYYjG9vMongwqLQxzoMeih5ZYXUzZli4hz+h1LK1v\/Ege\/lnGMJWs5DzyRepcrJfNJyE84fIaiM7ydc4mgf4KSu\/x7gt5qX9YMDRXEHpueX87MCCsZd9AQjFk4qZRY0WhjFRvbThA5GqkFpCqA0X55jQpF7OHcvidnEDSSGJOscxoaULh4nHZ+rmU8zNBk1ygIMcR6kn+pbP+1LRFxtmg9WILz8X+C22fbQoA=="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
02323{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBUAAPQZ1bwrOQfkKzoMSAbvlIcEFsgHOLtklUBAAf385AAALxoVe5\/5I\/GDx\/TXFQSvGZzZlkxxeY6r7JfvE1MO5kSqJIylcqtI3CgZidU7wxPplCb4PCKG\/MIidVTuxRwAE9jCCBPIwggPaoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xNTExMTIyMzUyNDBaGA8yMDI0MDQxNTIzNTk1OVowgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt8bDMRhnfwJSIitgDFLpGuBprC4tMhmkGTeBAp8D9tAJoRmr+CQlMBB0pRzAN3w\/GP1z48MoOiOUPMjA0yAQqbt15H+uMuVo4oC0Zl\/CXAy2wCEdlvlnWBzsZx+on5aArVYHxCe638JGA7+LhPXCM+346VJRtjkNd9d11824SziT\/ygbTCBgVVvBQfxWREr4m3OIDTRnRYod7st+aMcTs4X8iIywZyrHXM2eAOP\/xODdJcpVCW5vx+mk6jJj73WVq\/XPDe0cXAxYE8sy6qGWTHvht48XMNGGpEESimKhn1YJiWKYBNbsKu1nbfEzD687rWbkrNMW0Sc\/MsgRTOAUcCAwEAAaOCAREwggENMB0GA1UdDgQWBBQOWEmdI4tSjG09lVZGeYhhhXH5GzCB3QYDVR0jBIHVMIHSgBQOWEmdI4tSjG09lVZGeYhhhXH5G6GBtqSBszCBsDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxGjAYBgNVBAoMEVhlcm94IENvcnBvcmF0aW9uMSswKQYDVQQLDCJHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTEwLwYDVQQDDChYZXJveCBHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggECMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFzBoKpnLrmCU34LZVg1dmsGoHKRK8ICHad1WmoTf8tebjslNeQND+QJaTFr3pX+k42\/n0u56QcCuzaiFTXHUV9FwQBXBhJRCC1Gw8JtD3KZTYD9IBg4q76pwMV3oYIc7yX0hApuPlis99BtrQ9uAJVJiqY61RayEgUpVpo+CewQOmF5JFd9ewI7lhRF\/1idFtJtNnVamFRvVESZUI+qwjibTBflOWhLITGcO7Wiztv2SGGWMWBXMEA04kzRXHZBKwPrVxAN4fFTRFJV+ONyDQcmGWoouPJiF2sv+h4P7L2o+Dy0iFjKIFY9A5Cg99pRDDKSRMAvCINP6g5IjDcjgJUWAwMDDwwAAwsBAMNj2BphFRDNLN7J8e1RH+Su2MMVc1DB3hpn71wBz6BtmNgWp4+Y2p9CQiEHz4mR1ejIQBfdfvytF2PniPCskclZXrLgsDC4r0hI53ROCdv4P1SZUaFs3carINdEGB1bHf8sdFbtL9NWvyl+LVW75HzWLA=="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846910}
01276{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":734,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":734,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAAsjoBkAAPQZ4ggrOQfkKzoMSAbvlIcEFt7XOLtklUBgAf3btAAArP3r0rVe0Aym6JLwpOw\/ARwhTpY9aS7jceyqxacIXzRspfll0u1\/NkXDZNHalNI0jifA02VmOaSzhsGzJ03fuqKyyLCUPurWOZCj\/m+yOkMFwArOo4uIOxsENzfQIgKhMCW3YH1KAEc\/D52lgcc5dEHoPQCigIQjo2dWhtfY\/oG4sKNF1rHdnRmXJwxczAAECAQCB0DPstOMfM5F8X5MwgsDlsx2xgwVyLIjRqp9YCi1KiPDkTsRRNZ9DD6t\/ryiWXZAQh9BkHB6TFnEabzzd3ZV133DGDkbN8ivrZ\/z57itpt2v72s73UcOj834+OvBHQFis\/1RjFZ7mfCgZRE7PIBkRRL\/Gn9PLQP0KlGyVBXaYBJTPMozKF3QO3V\/4LEH3gpTFO8WY5zmgwf\/CrWjV7llloR3tiNBaPGJTsW2xi2J6BP1sZieM89wnWuVbN6GqAOFNenvYif3wSlXllxAZenbfAoFQylIORWBw38yjKf3qIiHxBJU4ZxexUo\/O3\/t3hKHDSjcp4a7NNUxFPMsCxeC4AgEBAC3kckI79wHr9Jdk4qPrAuTCIIeE\/qBxvLET0Ua\/Ah37Jo0oIdRWbuCV7ge6meATSbHe7FqMhYpMG23Q4uSTupEwX5lZxUqx\/xIwzx\/AfDOL16722QUiKA21ChDMHjmqP5t7YWazRTsOuyLB6n0u9314zm7LNLRLxx5EGml4HiX5zxmVQR\/KEVEeOD+pMCY0IxlT35RaHC0aLunpBP\/ttxpaC85IzJ+shFeD9zYmMngnHXqhjgcuDFtGQMpQpLUFpMeo2O0rVIMdLlN1ZFuVyYVT661Vjz7ZgC7FvbaJEi5940Vlycu+kXQRVfxPb6IwVbYoX8euxN9GS2WsUJxqmpEWAwMABA4AAAA="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846910}
00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846937}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDTEAAPwad3ArOgxIKzkH55SEBu84u2SXBBbIBUBAfXrSWAAAAAAAAAAA="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846937}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846938}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="}
00203{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846938}
00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846965}
00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="}
00203{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846965}
00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1557818846965}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 11/0

28
test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
View File

@@ -1,36 +1,36 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00490{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1505724520744}
00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1505724520744}
00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1505724520744}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505724520744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505724520947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1505724520947,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724521281}
00441{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724520947,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724521281}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505724521281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_msec":1505724521624}
00987{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":513,"pkt_l4_len":0,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_msec":1505724521624}
00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523243}
00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724522900,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABccWEAAEARPweEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R4UAAARQAANGNNQABABioDwKiTsZd5waDkgAG7QsbcfVXaBs+AEAIjeMYAAAEBCAoAC7rNMW7\/7w=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523243}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523425}
00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724523243,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcdugAAEAROYCEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R5UAAARQAANGNOQABABioCwKiTsZd5waDkgAG7QsbcfVXaB5OAEAIjeAIAAAEBCAoAC7rNMW7\/7w=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523425}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_msec":1505724523784}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1505724523425,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABogi4AAEARLi6EvvQMl3m5LAhoCGgAVAAAMv8ARAE8W3R6UAAARQAAQGNPQABABin1wKiTsZd5waDkgAG7QsbcfVXaB5OwEAIjg6MAAAEBCAoAC7rNMW8EIAEBBQpV2gbPVdoHkw=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_msec":1505724523784}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_msec":1505724525364}
01146{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":629,"pkt_l4_len":0,"thread_ts_msec":1505724523784,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAJnsccAAEAR\/JWEvvQMl3m5LAhoCGgCUwAAMv8CQwE8W3R7UAAARQACP2NQQABABif1wKiTsZd5waDkgAG7QsbcfVXaB5OAGAIjv8IAAAEBCAoAC7rRMW8EIBYDAwIGEAACAgIAmOi+GN3N8UwFIOyGgG7fRoYqddIen6fJLfOoMdGcgjC7EXRuMLo4ueRPzuPNKTKsd0rXjIh8nF1luCtj74M6hLMrC8RgUQ8NtWnU+VyJ5ocLdxtzZF0gGB+1NhUGr48PAz8CyV8iWtZ4r5z1HdzPAjUZcbzNDe0GFdLkO0mrmT1V\/fADZpMXfOis2u6uwZpitz8p9IosL8QiH6+IqUMckXifdvysezYp9tH9I18YsH7HyCm46xkjwyg7bNLoY89xVSe+3KoGnCgNymiAS0DFirvRnfEhZ55M6aVqDHyopcrpE\/p7Ra+JZESNmMF2sYfinmGSLWypwRK8tqaU\/ff99MtBg4KsFRNdp7dUOalIiR2j+\/gLC7fy\/B8rinO1aEkQfPwupPH+TOkI6kU7p6ZpEMlgYUAeUCVVdw2kpGnwan1lhC7pX4eYGUKHCcYnb9WwWjN9kb1rdtJu6KJWHsmxhkqn+5IJXszwezV7EVVZplgJPkRBwWsUatOWpjd9GuEZrUofu+2zRAWb37O45WXULSMfnimMKJd4Xwqcyx7tqMpzzTK7dWYdIkVZW9y5jVbcfrEnX0PFjjBobFRt6z81tve44yNzWQLg\/BhIGmKgyP4ZWrM3REf0v0GIj8wfwr+jHsMczvQifNTnUyyug\/Xc6cQyMh8qaav4EhHbL4l4yFg="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_msec":1505724525364}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_msec":1505724525422}
00451{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1505724525364,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABis2MAAEAR\/P6EvvQMl3m5LAhoCGgATgAAMv8APgE8W3R8UAAARQAAOmNRQABABin5wKiTsZd5waDkgAG7QsbeiFXaB5OAGAIjWbAAAAEBCAoAC7rRMW8EIBQDAwABAQ=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_msec":1505724525422}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724525500}
00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525422,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJtcMAAEAR+neEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3R9UAAARQAAYWNSQABABinRwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj3G8AAAEBCAoAC7rRMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724525500}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724526101}
00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525702,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJx48AAEAR6KuEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3SBUAAARQAAYWNTQABABinQwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj26cAAAEBCAoAC7uZMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724526101}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526161}
00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526101,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcySMAAEAR50SEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SDUAAARQAANGNUQABABin8wKiTsZd5waDkgAG7Qsbeu1XaCFKAEAIjZNIAAAEBCAoAC7vdMW8PEg=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526161}
00258{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_msec":1505724526501}
01923{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1202,"pkt_l4_len":0,"thread_ts_msec":1505724526302,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="}
00258{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_msec":1505724526501}
00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501}
00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":35,"global_ts_msec":1505724526702}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -47,4 +47,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 260 chars
~~ json string max len.......: 1928 chars
~~ json string avg len.......: 1087 chars
~~ json string avg len.......: 1081 chars

8
test/results/log4j-webapp-exploit.pcap.out
View File

@@ -5,10 +5,10 @@
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="}
00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="}
@@ -24,10 +24,10 @@
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="}
00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="}

4
test/results/ndpi_match_string_subprotocol__error.pcapng.out
View File

@@ -6,8 +6,8 @@
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="}
00499{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1258165452647}
00234{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669}
01070{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"thread_ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00234{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669}
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00505{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":12,"global_ts_msec":1258165452688}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -24,4 +24,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 239 chars
~~ json string max len.......: 1994 chars
~~ json string avg len.......: 1129 chars
~~ json string avg len.......: 1121 chars

1892
test/results/ocs.pcap.out
View File

File diff suppressed because it is too large Load Diff

706
test/results/quic-mvfst-22_decryption_error.pcap.out
View File

File diff suppressed because it is too large Load Diff

18
test/results/reasm_crash_anon.pcapng.out
View File

@@ -4,27 +4,27 @@
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410865735821,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920}
00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1410865765918,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424}
00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027}
00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866097026,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866217426}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866187327,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866217426}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":1410866247528,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="}
00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530}
00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":20,"global_ts_msec":1410866307727}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129}
00389{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866398032,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634}
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634}
00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1410866909737}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242}
00374{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="}
00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242}
00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":29,"global_ts_msec":1410867180785}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~

56
test/results/reasm_segv_anon.pcapng.out
View File

@@ -1,66 +1,66 @@
00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1550422828553}
00240{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828553}
00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828553}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1550422828553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00240{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828949}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828949}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1550422828949,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00240{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422829033}
00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422829033}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1550422829033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422829033,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422830892}
00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422829930,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422830892}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422831332}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422830894,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422831332}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831496}
00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831334,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831496}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831516}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831496,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831516}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833131}
00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422831516,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833131}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833287}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422833134,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833287}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422833447}
00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833289,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422833447}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834706}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833447,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834706}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834706,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834970}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834970}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_msec":1550422836805}
00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":130,"pkt_l4_len":0,"thread_ts_msec":1550422835423,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_msec":1550422836805}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422837968}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422836808,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422837968}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838904}
00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422837971,"pkt":"AAAAcxs8EFFy5LtdCABFeABcQ5AAAEARspuRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMUdAAARQAANFllQAB\/BgFPrBEkFT++kSvhEwBQ8LOPBjqqkEmAEAEB5OIAAAEBBQo6qqCxOqqwsQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838904}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838960}
00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838907,"pkt":"AAAAcxs8EFFy5LtdCABFeABcVMgAAEARoWORTALsu2A0VQhoCGgASAAAMv8AOAn8kEMVdAAARQAANFlmQAB\/BgFOrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB32oAAAEBBQo6qqCxOqqwsQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838960}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840104}
00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838963,"pkt":"AAAAcxs8EFFy5LtdCABFeABc4ZkAAEARFJKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMfdAAARQAANFlvQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB5OIAAAEBBQo6qps5OqqwsQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840104}
00239{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422840304}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840104,"pkt":"AAAAcxs8EFFy5LtdCABFeABQIPEAAEAR1UaRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMgdAAARQAAKFlwQAB\/BgFQrBEkFT++kSvhEwBQ8LOPBjqqsLFQEAEBwUkAAA=="}
00239{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422840304}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840464}
00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422840306,"pkt":"AAAAcxs8EFFy5LtdCABFeABcV2kAAEARnsKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMhdAAARQAANFlxQAB\/BgFDrBEkFT++kSvhEwBQ8LOPBjqqsLGAEAEB5OIAAAEBBQo6qpXBOqqbOQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840464}
00239{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422841363}
00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840464,"pkt":"AAAAcxs8EFFy5LtdCABFeABQeDYAAEARfgGRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMndAAARQAAKFl3QAB\/BgFJrBEkFT++kSvhEwBQ8LOPBjqqtilQEAEBu9EAAA=="}
00239{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422841363}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422841387}
00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422841366,"pkt":"AAAAcxs8EFFy5LtdCABFeABcgJcAAEARdZSRTALsu2A0VQhoCGgASAAAMv8AOAn8kEModAAARQAANFl4QAB\/BgE8rBEkFT++kSvhEwBQ8LOPBjqqtimAEAEBiLoAAAEBBQo6qsEZOqrGkQ=="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422841387}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841667}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841387,"pkt":"AAAAcxs8EFFy5LtdCABFeABk3UcAAEARGNyRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMpdAAARQAAPFl5QAB\/BgEzrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBStoAAAEBBRI6qtGBOqrW+TqqwRk6qsaR"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841667}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841947}
00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841667,"pkt":"AAAAcxs8EFFy5LtdCABFeABkO3EAAEARurKRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMqdAAARQAAPFl6QAB\/BgEyrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBRWIAAAEBBRI6qsEZOqrMCTqq0YE6qtb5"}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841947}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842802}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422841947,"pkt":"AAAAcxs8EFFy5LtdCABFeABsXowAAEARl4+RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMydAAARQAARFmBQAB\/BgEjrBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB0NEAAAEBBRo6quzZOqryUTqqwRk6qswJOqrRgTqq1vk="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842802}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842862}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842802,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842862}
00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222}
00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842865,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":65,"global_ts_msec":1550422844224}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~

2
test/results/skype_no_unknown.pcap.out
View File

@@ -502,8 +502,8 @@
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00192{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370}
00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_msec":1431970666274,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}

2
test/results/starcraft_battle.pcap.out
View File

@@ -47,8 +47,8 @@
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389961548,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389961548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389961548,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389961598,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"}
00194{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_msec":1437389962628}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1437389961598,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_msec":1437389962628}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1437389963466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963466,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}

78
test/results/teams.pcap.out
View File

@@ -3,21 +3,21 @@
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041672419,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041673094,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041673412}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041673412}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041673611}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041673611}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041674611}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041674611}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587041675216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041675216,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041675409}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041675409}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041675611}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041675611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1587041675997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041675997,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -35,8 +35,8 @@
01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041676592,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="}
@@ -55,19 +55,19 @@
00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408}
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587041677422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041677422,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041677611}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677424,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041677611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041678029,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041678029,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041678303,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1587041679059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041679059,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -77,10 +77,10 @@
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041679406}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041679406}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041679611}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041679611}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1587041680062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041680062,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1587041680074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1587041680074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -91,17 +91,17 @@
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041680294,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1587041681218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1587041681218,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1587041681248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041681248,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041681407}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041681407}
00181{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041681611}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681458,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041681611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -161,8 +161,8 @@
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041682598,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1587041682668,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041682668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -199,12 +199,12 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683396,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683605,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1587041684291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041684291,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -216,8 +216,8 @@
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041684501,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1587041685090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1587041685090,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -276,11 +276,11 @@
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685403,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406}
01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685546,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
@@ -293,8 +293,8 @@
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041686589,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
@@ -312,8 +312,8 @@
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041687412}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687382,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041687412}
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -322,8 +322,8 @@
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687600,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611}
00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
@@ -335,14 +335,14 @@
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041689611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041689611}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041690611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041690611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1587041690880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1587041690880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -363,26 +363,26 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691399,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410}
00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691582,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611}
00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041692611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041692578,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041692611}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692808,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041692808,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693383,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":180000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"thread_ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1587041693428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_msec":1587041693428,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1587041693474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1587041693474,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
@@ -409,8 +409,8 @@
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041693611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693609,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041693611}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
@@ -452,8 +452,8 @@
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041694571,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
@@ -474,8 +474,8 @@
00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1587041695381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1587041695381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2677,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041695413}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695407,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041695413}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1587041695421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587041695421,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
@@ -487,21 +487,21 @@
00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695591,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041696611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041696574,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041696611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697061,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041697061,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00185{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412}
00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697244,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697604,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611}
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}

8
test/results/tls_invalid_reads.pcap.out
View File

@@ -2,8 +2,8 @@
00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1252380859868}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"}
00211{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":1252380859868,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"}
00211{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
@@ -14,12 +14,12 @@
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":16,"global_ts_msec":1544035479538}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538}
00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721}
00444{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721}
00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768}
00723{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":24,"global_ts_msec":1544035479768}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~

282
test/results/tor.pcap.out
View File

@@ -1,167 +1,167 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383821660212}
00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212}
00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212}
00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212}
00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212}
00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212}
00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"}
00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"}
01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"}
01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212}
00178{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212}
00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1383821703288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821703288,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821703723,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821706194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821708161,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821723995,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821725008,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821728040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821730181,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821732198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821740176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821741917,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821744083,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213}
00179{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213}
00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821746178,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821748103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821750028,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752032,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752949,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821756147,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821757892,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821760056,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821762157,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821764094,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821766193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821768150,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821770180,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -174,16 +174,16 @@
01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"}
00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
@@ -191,162 +191,162 @@
01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822170108,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822172115,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822174148,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822175546,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822178103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822179522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822180832,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822193390,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822196160,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822198129,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822200128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822202193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822204195,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822206019,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822207793,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822209488,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822212140,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822214082,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822220042,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1383822220774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822220774,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822222154,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822224128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822226175,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822227885,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822230193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822232017,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822233939,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822236183,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822238164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822240198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822242141,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822244182,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822246194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248153,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822254127,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212}
00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-events-serialized":331,"global_ts_msec":1383822260212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822262143,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822264155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212}
00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211}
00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211}
01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}

6
test/results/zoom.pcap.out
View File

@@ -12,8 +12,8 @@
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"}
01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520466531,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
@@ -75,8 +75,8 @@
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569520469433,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469433,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="}
00182{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520469782}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520469435,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520469782}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
@@ -159,8 +159,8 @@
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"}
00183{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520471784}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520471780,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520471784}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569520471915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471915,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}