fix config header

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

test/results/default/WebattackXSS.pcap.out

@@ -1,4 +1,4 @@
-00614{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00617{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
 00838{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1499346935283859}
 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935283859,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="}
@@ -701,8 +701,6 @@
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1499347150236857,"flow_dst_last_pkt_time":1499347150236857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347150236857,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1499347150236857,"flow_dst_last_pkt_time":1499347150236950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347150236950,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1499347150237732,"flow_dst_last_pkt_time":1499347150236950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347150237732,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"}
-00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
-00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347015165463,"flow_src_last_pkt_time":1499347020614237,"flow_dst_last_pkt_time":1499347020613531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347015165463,"flow_src_last_pkt_time":1499347020614237,"flow_dst_last_pkt_time":1499347020613531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347016455176,"flow_src_last_pkt_time":1499347021614454,"flow_dst_last_pkt_time":1499347021613682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -713,6 +711,8 @@
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347020329829,"flow_src_last_pkt_time":1499347025616173,"flow_dst_last_pkt_time":1499347025615446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347021621411,"flow_src_last_pkt_time":1499347027616437,"flow_dst_last_pkt_time":1499347027615698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347021621411,"flow_src_last_pkt_time":1499347027616437,"flow_dst_last_pkt_time":1499347027615698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
+00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347024196279,"flow_src_last_pkt_time":1499347029616275,"flow_dst_last_pkt_time":1499347029615745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347150241666,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347151520310,"flow_src_last_pkt_time":1499347151520310,"flow_dst_last_pkt_time":1499347151520310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347151520310,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1499347151520310,"flow_dst_last_pkt_time":1499347151520310,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347151520310,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1499347151520310,"flow_dst_last_pkt_time":1499347151520436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347151520436,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="}
@@ -749,6 +749,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_src_last_pkt_time":1499347160582546,"flow_dst_last_pkt_time":1499347160581793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347160582546,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1499347160657605,"flow_dst_last_pkt_time":1499347155346457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347160657605,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt5AAD4GVvqsEAABwKgKMtOsAFCnAfH0XJmXx4ARAOWDdQAAAQEICgE5pF8D43Cm"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1499347160657605,"flow_dst_last_pkt_time":1499347160657829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347160657829,"pkt":"AMGxFOsxABm5CmnxCABFAAA04hJAAEAG4cXAqAoyrBAAAQBQ06xcmZfHpwHx9YARAON+RwAAAQEICgPjddUBOaRf"}
+01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":107,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499347036773535,"flow_dst_last_pkt_time":1499347036773581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":47903,"flow_dst_tot_l4_payload_len":183657,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347025509874,"flow_src_last_pkt_time":1499347030616511,"flow_dst_last_pkt_time":1499347030615759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347025509874,"flow_src_last_pkt_time":1499347030616511,"flow_dst_last_pkt_time":1499347030615759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347028086164,"flow_src_last_pkt_time":1499347033617025,"flow_dst_last_pkt_time":1499347033616280,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -759,7 +760,6 @@
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347030639342,"flow_src_last_pkt_time":1499347036617620,"flow_dst_last_pkt_time":1499347036616905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00971{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347034467270,"flow_src_last_pkt_time":1499347039618164,"flow_dst_last_pkt_time":1499347039617602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347034467270,"flow_src_last_pkt_time":1499347039618164,"flow_dst_last_pkt_time":1499347039617602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01250{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":107,"flow_first_seen":1499346976603214,"flow_src_last_pkt_time":1499347036773535,"flow_dst_last_pkt_time":1499347036773581,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":4344,"flow_src_tot_l4_payload_len":47903,"flow_dst_tot_l4_payload_len":183657,"midstream":0,"thread_ts_usec":1499347160658357,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_src_last_pkt_time":1499347161657977,"flow_dst_last_pkt_time":1499347156630469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347161657977,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OCpAAD4Gja6sEAABwKgKMtO6AFAdhZhZPg0DvoARAOUW2gAAAQEICgE5pVkD43Hn"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_src_last_pkt_time":1499347161657977,"flow_dst_last_pkt_time":1499347161658201,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347161658201,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dW5AAEAGTmrAqAoyrBAAAQBQ07o+DQO+HYWYWoARAOMR8gAAAQEICgPjdtABOaVZ"}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347163177633,"flow_dst_last_pkt_time":1499347163177633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347163177633,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -1650,6 +1650,7 @@
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_src_last_pkt_time":1499347352699665,"flow_dst_last_pkt_time":1499347352699146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347352699665,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3208,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":4,"flow_src_last_pkt_time":1499347352713119,"flow_dst_last_pkt_time":1499347347483667,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347352713119,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8tAAD4Gtg2sEAABwKgKMtuiAFCZ3FUcYtOXTYARAOWoiwAAAQEICgE6X+0D5CxI"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3209,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":5,"flow_src_last_pkt_time":1499347352713119,"flow_dst_last_pkt_time":1499347352713207,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347352713207,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pi5AAEAGHarAqAoyrBAAAQBQ26Ji05dNmdxVHYARAOOjcQAAAQEICgPkMWMBOl\/t"}
+01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347230695898,"flow_dst_last_pkt_time":1499347230695923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183673,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347219208358,"flow_src_last_pkt_time":1499347224678056,"flow_dst_last_pkt_time":1499347224677345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347219208358,"flow_src_last_pkt_time":1499347224678056,"flow_dst_last_pkt_time":1499347224677345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347220447373,"flow_src_last_pkt_time":1499347225677535,"flow_dst_last_pkt_time":1499347225676984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -1660,7 +1661,6 @@
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347224338550,"flow_src_last_pkt_time":1499347229678983,"flow_dst_last_pkt_time":1499347229678445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347225590247,"flow_src_last_pkt_time":1499347230679597,"flow_dst_last_pkt_time":1499347230678898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347225590247,"flow_src_last_pkt_time":1499347230679597,"flow_dst_last_pkt_time":1499347230678898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":105,"flow_first_seen":1499347163177633,"flow_src_last_pkt_time":1499347230695898,"flow_dst_last_pkt_time":1499347230695923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1869,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183673,"midstream":0,"thread_ts_usec":1499347353987009,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3217,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":4,"flow_src_last_pkt_time":1499347354714108,"flow_dst_last_pkt_time":1499347348776752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347354714108,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2tAAD4Ghm2sEAABwKgKMtuwAFBd3mN9I1Y0SoARAOV1YwAAAQEICgE6YeID5C2L"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3218,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":5,"flow_src_last_pkt_time":1499347354714108,"flow_dst_last_pkt_time":1499347354714326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347354714326,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BxJAAEAGvMbAqAoyrBAAAQBQ27AjVjRKXd5jfoARAONvlwAAAQEICgPkM1gBOmHi"}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347355229572,"flow_dst_last_pkt_time":1499347355229572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347355229572,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -2570,6 +2570,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":3,"flow_src_last_pkt_time":1499347546428846,"flow_dst_last_pkt_time":1499347546428110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347546428846,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4833,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":4,"flow_src_last_pkt_time":1499347546762236,"flow_dst_last_pkt_time":1499347541398529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347546762236,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJlAAD4GbT+sEAABwKgKMuO0AFCKGUCnXcM2s4ARAOWvegAAAQEICgE7HW4D5Omn"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4834,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":5,"flow_src_last_pkt_time":1499347546762236,"flow_dst_last_pkt_time":1499347546762530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347546762530,"pkt":"AMGxFOsxABm5CmnxCABFAAA02FdAAEAG64DAqAoyrBAAAQBQ47RdwzazihlAqIARAOOqPgAAAQEICgPk7uQBOx1u"}
+01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":115,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347423381119,"flow_dst_last_pkt_time":1499347423381183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183606,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347412160466,"flow_src_last_pkt_time":1499347417729226,"flow_dst_last_pkt_time":1499347417728489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347412160466,"flow_src_last_pkt_time":1499347417729226,"flow_dst_last_pkt_time":1499347417728489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347413405117,"flow_src_last_pkt_time":1499347418729836,"flow_dst_last_pkt_time":1499347418729093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -2582,7 +2583,6 @@
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347418519306,"flow_src_last_pkt_time":1499347423606384,"flow_dst_last_pkt_time":1499347423605908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347421069175,"flow_src_last_pkt_time":1499347426732103,"flow_dst_last_pkt_time":1499347426731330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347421069175,"flow_src_last_pkt_time":1499347426732103,"flow_dst_last_pkt_time":1499347426731330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":115,"flow_first_seen":1499347355229572,"flow_src_last_pkt_time":1499347423381119,"flow_dst_last_pkt_time":1499347423381183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183606,"midstream":0,"thread_ts_usec":1499347546763246,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347547687536,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347547687536,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="}
 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":2,"flow_src_last_pkt_time":1499347547687536,"flow_dst_last_pkt_time":1499347547687660,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347547687660,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="}
@@ -3449,18 +3449,18 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":3,"flow_src_last_pkt_time":1499347730502460,"flow_dst_last_pkt_time":1499347730501671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347730502460,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6369,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":4,"flow_src_last_pkt_time":1499347730817366,"flow_dst_last_pkt_time":1499347725356095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347730817366,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaJAAD4GODasEAABwKgKMutyAFBT4UZ4dePufYARAOWg0wAAAQEICgE70S0D5Z1M"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6370,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":5,"flow_src_last_pkt_time":1499347730817366,"flow_dst_last_pkt_time":1499347730817612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347730817612,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TNxAAEAGdvzAqAoyrBAAAQBQ63J14+59U+FGeYARAOObfwAAAQEICgPloqEBO9Et"}
-00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
-00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
-00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
-00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347597121690,"flow_src_last_pkt_time":1499347602781318,"flow_dst_last_pkt_time":1499347602779522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347597121690,"flow_src_last_pkt_time":1499347602781318,"flow_dst_last_pkt_time":1499347602779522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347603782244,"flow_dst_last_pkt_time":1499347603780495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347598383395,"flow_src_last_pkt_time":1499347603782244,"flow_dst_last_pkt_time":1499347603780495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347599663313,"flow_src_last_pkt_time":1499347604783249,"flow_dst_last_pkt_time":1499347604781350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347599663313,"flow_src_last_pkt_time":1499347604783249,"flow_dst_last_pkt_time":1499347604781350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
+00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347602223242,"flow_src_last_pkt_time":1499347607783132,"flow_dst_last_pkt_time":1499347607782329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
+00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347603507258,"flow_src_last_pkt_time":1499347608786078,"flow_dst_last_pkt_time":1499347608783331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
+00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347604752176,"flow_src_last_pkt_time":1499347609784116,"flow_dst_last_pkt_time":1499347609783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347730818343,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347731797840,"flow_src_last_pkt_time":1499347731797840,"flow_dst_last_pkt_time":1499347731797840,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347731797840,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_src_last_pkt_time":1499347731797840,"flow_dst_last_pkt_time":1499347731797840,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347731797840,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":2,"flow_src_last_pkt_time":1499347731797840,"flow_dst_last_pkt_time":1499347731797935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347731797935,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="}
@@ -3503,6 +3503,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":3,"flow_src_last_pkt_time":1499347740752516,"flow_dst_last_pkt_time":1499347740751958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347740752516,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6460,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":4,"flow_src_last_pkt_time":1499347740820415,"flow_dst_last_pkt_time":1499347735664610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347740820415,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QgxAAD4Gg8ysEAABwKgKMuvgAFB2opfjzdSV2IARAOUZGAAAAQEICgE72vED5add"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6461,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":5,"flow_src_last_pkt_time":1499347740820415,"flow_dst_last_pkt_time":1499347740820603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347740820603,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Ob5AAEAGihrAqAoyrBAAAQBQ6+DN1JXYdqKX5IARAOMUEAAAAQEICgPlrGYBO9rx"}
+01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":105,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347614978921,"flow_dst_last_pkt_time":1499347614979004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183697,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347606078239,"flow_src_last_pkt_time":1499347611787086,"flow_dst_last_pkt_time":1499347611785240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347606078239,"flow_src_last_pkt_time":1499347611787086,"flow_dst_last_pkt_time":1499347611785240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347607344496,"flow_src_last_pkt_time":1499347612785000,"flow_dst_last_pkt_time":1499347612784293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -3513,7 +3514,6 @@
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347612465993,"flow_src_last_pkt_time":1499347617785866,"flow_dst_last_pkt_time":1499347617785117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347613718984,"flow_src_last_pkt_time":1499347618787857,"flow_dst_last_pkt_time":1499347618786046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347613718984,"flow_src_last_pkt_time":1499347618787857,"flow_dst_last_pkt_time":1499347618786046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":105,"flow_first_seen":1499347547687536,"flow_src_last_pkt_time":1499347614978921,"flow_dst_last_pkt_time":1499347614979004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183697,"midstream":0,"thread_ts_usec":1499347740821372,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347743331813,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347743331813,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":2,"flow_src_last_pkt_time":1499347743331813,"flow_dst_last_pkt_time":1499347743331943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347743331943,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="}
@@ -4354,6 +4354,8 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":3,"flow_src_last_pkt_time":1499347926329410,"flow_dst_last_pkt_time":1499347926328679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347926329410,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7966,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":4,"flow_src_last_pkt_time":1499347926878386,"flow_dst_last_pkt_time":1499347921170952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347926878386,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYRAAD4GGFSsEAABwKgKMoUqAFCWpCaU4YGl1YARAOVClAAAAQEICgE8kKQD5lyG"}
 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7967,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":5,"flow_src_last_pkt_time":1499347926878386,"flow_dst_last_pkt_time":1499347926879478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347926879478,"pkt":"AMGxFOsxABm5CmnxCABFAAA0x8xAAEAG\/AvAqAoyrBAAAQBQhSrhgaXVlqQmlYARAOM9AgAAAQEICgPmYhkBPJCk"}
+00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
+00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347798838630,"flow_dst_last_pkt_time":1499347798837872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347793575417,"flow_src_last_pkt_time":1499347798838630,"flow_dst_last_pkt_time":1499347798837872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347796130119,"flow_src_last_pkt_time":1499347801839620,"flow_dst_last_pkt_time":1499347801839100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -4364,8 +4366,6 @@
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347798713386,"flow_src_last_pkt_time":1499347803840244,"flow_dst_last_pkt_time":1499347803839542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347801271157,"flow_src_last_pkt_time":1499347806841224,"flow_dst_last_pkt_time":1499347806840676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347801271157,"flow_src_last_pkt_time":1499347806841224,"flow_dst_last_pkt_time":1499347806840676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
-00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347792291066,"flow_src_last_pkt_time":1499347797838297,"flow_dst_last_pkt_time":1499347797837778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347926880040,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347927657910,"flow_src_last_pkt_time":1499347927657910,"flow_dst_last_pkt_time":1499347927657910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347927657910,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1499347927657910,"flow_dst_last_pkt_time":1499347927657910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347927657910,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7973,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":2,"flow_src_last_pkt_time":1499347927657910,"flow_dst_last_pkt_time":1499347927657999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347927657999,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhW4waOSnlw+krKAScSCP9AAAAgQFtAQCCAoD5mLbATyRZwEDAwc="}
@@ -4402,6 +4402,7 @@
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":3,"flow_src_last_pkt_time":1499347936728282,"flow_dst_last_pkt_time":1499347936727763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347936728282,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8050,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":4,"flow_src_last_pkt_time":1499347936880623,"flow_dst_last_pkt_time":1499347931530027,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347936880623,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j8BAAD4GNhisEAABwKgKMoWWAFDyyRqSHS1uJYARAOXaJwAAAQEICgE8mmkD5maj"}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8051,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":5,"flow_src_last_pkt_time":1499347936880623,"flow_dst_last_pkt_time":1499347936880812,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347936880812,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BfhAAEAGveDAqAoyrBAAAQBQhZYdLW4l8skak4ARAOPU7gAAAQEICgPma90BPJpp"}
+01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347811268732,"flow_dst_last_pkt_time":1499347811268780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347802549433,"flow_src_last_pkt_time":1499347807841718,"flow_dst_last_pkt_time":1499347807841171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347802549433,"flow_src_last_pkt_time":1499347807841718,"flow_dst_last_pkt_time":1499347807841171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347805119465,"flow_src_last_pkt_time":1499347810842466,"flow_dst_last_pkt_time":1499347810841768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -4412,7 +4413,6 @@
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347810243756,"flow_src_last_pkt_time":1499347815843256,"flow_dst_last_pkt_time":1499347815842474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347811525785,"flow_src_last_pkt_time":1499347816843891,"flow_dst_last_pkt_time":1499347816843100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347811525785,"flow_src_last_pkt_time":1499347816843891,"flow_dst_last_pkt_time":1499347816843100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":205,"flow_dst_packets_processed":106,"flow_first_seen":1499347743331813,"flow_src_last_pkt_time":1499347811268732,"flow_dst_last_pkt_time":1499347811268780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48783,"flow_dst_tot_l4_payload_len":183592,"midstream":0,"thread_ts_usec":1499347936881389,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347939286105,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347939286105,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":2,"flow_src_last_pkt_time":1499347939286105,"flow_dst_last_pkt_time":1499347939286276,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347939286276,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="}
@@ -5151,6 +5151,7 @@
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_src_last_pkt_time":1499348099359601,"flow_dst_last_pkt_time":1499348099359601,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348099359601,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="}
 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":2,"flow_src_last_pkt_time":1499348099359601,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348099359726,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="}
 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499348099360303,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"}
+01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347967724898,"flow_src_last_pkt_time":1499347972889665,"flow_dst_last_pkt_time":1499347972889121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347967724898,"flow_src_last_pkt_time":1499347972889665,"flow_dst_last_pkt_time":1499347972889121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1499347970267013,"flow_src_last_pkt_time":1499347975890795,"flow_dst_last_pkt_time":1499347975890284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
@@ -5301,7 +5302,6 @@
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348096595051,"flow_src_last_pkt_time":1499348096595952,"flow_dst_last_pkt_time":1499348096595195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00972{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}}
 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-01348{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"205.174.165.68"}}
 00865{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":9374,"packets-processed":9374,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 9374/9374
@@ -5311,8 +5311,8 @@
 ~~ total active/idle flows...: 661/661
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 8521534 bytes
-~~ total memory freed........: 8521534 bytes
+~~ total memory allocated....: 8774974 bytes
+~~ total memory freed........: 8774974 bytes
 ~~ total allocations/frees...: 131604/131604
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 550 chars