{"help": "https://natwork-data-portal.iti.gr:443/fa_IR/api/3/action/help_show?name=datastore_search", "success": true, "result": {"include_total": true, "limit": 100, "records_format": "objects", "resource_id": "97225c00-8851-4542-b4e0-e42bededdf68", "total_estimation_threshold": null, "records": [{"_id":1,"ip.session_id":1,"meta.direction":0,"ip.pkts_per_flow":1,"duration":0.02949690818786621,"ip.header_len":20,"ip.payload_len":32,"ip.avg_bytes_tot_len":114.0,"time_between_pkts_sum":29.49690818786621,"time_between_pkts_avg":29.49690818786621,"time_between_pkts_max":29.49690818786621,"time_between_pkts_min":29.49690818786621,"time_between_pkts_std":0.0,"(-0.001, 50.0]":1,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":1,"pkts_rate":33.901858243277104,"tcp_bytes_per_flow":0,"byte_rate":33.901858243277104,"tcp.tcp_session_payload_up_len":1,"tcp.tcp_session_payload_down_len":1,"(-0.001, 150.0]":1,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":0,"tcp.rst":0,"tcp.psh":0,"tcp.ack":1,"tcp.urg":0,"sport_g":1,"sport_le":0,"dport_g":0,"dport_le":1,"mean_tcp_pkts":43852,"std_tcp_pkts":0,"min_tcp_pkts":43852,"max_tcp_pkts":43852,"entropy_tcp_pkts":0,"mean_tcp_len":0.0,"std_tcp_len":0.0,"min_tcp_len":0,"max_tcp_len":0,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":2,"ip.session_id":1,"meta.direction":1,"ip.pkts_per_flow":1,"duration":0.0,"ip.header_len":20,"ip.payload_len":156,"ip.avg_bytes_tot_len":114.0,"time_between_pkts_sum":0.0,"time_between_pkts_avg":0.0,"time_between_pkts_max":0.0,"time_between_pkts_min":0.0,"time_between_pkts_std":0.0,"(-0.001, 50.0]":1,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":1,"pkts_rate":0.0,"tcp_bytes_per_flow":124,"byte_rate":0.0,"tcp.tcp_session_payload_up_len":1,"tcp.tcp_session_payload_down_len":1,"(-0.001, 150.0]":1,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":0,"tcp.rst":0,"tcp.psh":1,"tcp.ack":1,"tcp.urg":0,"sport_g":0,"sport_le":1,"dport_g":1,"dport_le":0,"mean_tcp_pkts":22,"std_tcp_pkts":0,"min_tcp_pkts":22,"max_tcp_pkts":22,"entropy_tcp_pkts":0,"mean_tcp_len":124.0,"std_tcp_len":0.0,"min_tcp_len":124,"max_tcp_len":124,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":3,"ip.session_id":2,"meta.direction":1,"ip.pkts_per_flow":123,"duration":122.73659992218018,"ip.header_len":2460,"ip.payload_len":2460,"ip.avg_bytes_tot_len":40.0,"time_between_pkts_sum":106365.53001403809,"time_between_pkts_avg":864.7604066181958,"time_between_pkts_max":1000.4539489746094,"time_between_pkts_min":7.863044738769531,"time_between_pkts_std":281.49645727348747,"(-0.001, 50.0]":5,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":1,"(200.0, 250.0]":2,"(250.0, 300.0]":3,"(300.0, 350.0]":3,"(350.0, 400.0]":2,"(400.0, 450.0]":2,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":0,"pkts_rate":0.0,"tcp_bytes_per_flow":0,"byte_rate":0.0,"tcp.tcp_session_payload_up_len":0,"tcp.tcp_session_payload_down_len":0,"(-0.001, 150.0]":0,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":0,"tcp.rst":0,"tcp.psh":0,"tcp.ack":0,"tcp.urg":0,"sport_g":0,"sport_le":0,"dport_g":0,"dport_le":0,"mean_tcp_pkts":0,"std_tcp_pkts":0,"min_tcp_pkts":0,"max_tcp_pkts":0,"entropy_tcp_pkts":0,"mean_tcp_len":0.0,"std_tcp_len":0.0,"min_tcp_len":0,"max_tcp_len":0,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":4,"ip.session_id":3,"meta.direction":0,"ip.pkts_per_flow":7,"duration":5.560498952865601,"ip.header_len":140,"ip.payload_len":407,"ip.avg_bytes_tot_len":84.76923076923077,"time_between_pkts_sum":641.1981582641602,"time_between_pkts_avg":91.59973689488002,"time_between_pkts_max":639.2149925231934,"time_between_pkts_min":0.05507469177246094,"time_between_pkts_std":241.4757112557656,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":7,"pkts_rate":1.2588798342264866,"tcp_bytes_per_flow":175,"byte_rate":1.2588798342264866,"tcp.tcp_session_payload_up_len":7,"tcp.tcp_session_payload_down_len":7,"(-0.001, 150.0]":6,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":6,"tcp.urg":0,"sport_g":7,"sport_le":0,"dport_g":7,"dport_le":0,"mean_tcp_pkts":46181,"std_tcp_pkts":0,"min_tcp_pkts":46181,"max_tcp_pkts":46181,"entropy_tcp_pkts":0,"mean_tcp_len":25.0,"std_tcp_len":66.14378277661476,"min_tcp_len":0,"max_tcp_len":175,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":5,"ip.session_id":3,"meta.direction":1,"ip.pkts_per_flow":6,"duration":5.560443878173828,"ip.header_len":120,"ip.payload_len":435,"ip.avg_bytes_tot_len":84.76923076923077,"time_between_pkts_sum":194.99588012695312,"time_between_pkts_avg":32.49931335449219,"time_between_pkts_max":193.50695610046387,"time_between_pkts_min":0.010013580322265625,"time_between_pkts_std":78.87791927135538,"(-0.001, 50.0]":5,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":1,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":1.0790505455061856,"tcp_bytes_per_flow":235,"byte_rate":1.0790505455061856,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":5,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":2,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":39.166666666666664,"std_tcp_len":93.51024899264608,"min_tcp_len":0,"max_tcp_len":230,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":6,"ip.session_id":4,"meta.direction":0,"ip.pkts_per_flow":6,"duration":37.71916389465332,"ip.header_len":120,"ip.payload_len":494,"ip.avg_bytes_tot_len":95.7,"time_between_pkts_sum":42.42300987243652,"time_between_pkts_avg":7.070501645406087,"time_between_pkts_max":29.272079467773438,"time_between_pkts_min":0.32901763916015625,"time_between_pkts_std":11.740902824974015,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":0.15907033402854664,"tcp_bytes_per_flow":294,"byte_rate":0.15907033402854664,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":5,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":5,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":36945,"std_tcp_pkts":0,"min_tcp_pkts":36945,"max_tcp_pkts":36945,"entropy_tcp_pkts":0,"mean_tcp_len":49.0,"std_tcp_len":120.02499739637572,"min_tcp_len":0,"max_tcp_len":294,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":7,"ip.session_id":4,"meta.direction":1,"ip.pkts_per_flow":4,"duration":37.71860098838806,"ip.header_len":80,"ip.payload_len":263,"ip.avg_bytes_tot_len":95.7,"time_between_pkts_sum":5.609035491943359,"time_between_pkts_avg":1.4022588729858398,"time_between_pkts_max":4.354000091552734,"time_between_pkts_min":0.008106231689453125,"time_between_pkts_std":2.039419848401413,"(-0.001, 50.0]":4,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":4,"pkts_rate":0.10604847197888989,"tcp_bytes_per_flow":127,"byte_rate":0.10604847197888989,"tcp.tcp_session_payload_up_len":4,"tcp.tcp_session_payload_down_len":4,"(-0.001, 150.0]":4,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":4,"tcp.urg":0,"sport_g":4,"sport_le":0,"dport_g":4,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":31.75,"std_tcp_len":63.5,"min_tcp_len":0,"max_tcp_len":127,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":8,"ip.session_id":5,"meta.direction":0,"ip.pkts_per_flow":6,"duration":5.648295879364014,"ip.header_len":120,"ip.payload_len":358,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":5.658626556396484,"time_between_pkts_avg":0.9431044260660807,"time_between_pkts_max":2.3200511932373047,"time_between_pkts_min":0.21505355834960938,"time_between_pkts_std":0.7909765619904753,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":1.062267297632359,"tcp_bytes_per_flow":158,"byte_rate":1.062267297632359,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":1389,"std_tcp_pkts":0,"min_tcp_pkts":1389,"max_tcp_pkts":1389,"entropy_tcp_pkts":0,"mean_tcp_len":26.333333333333332,"std_tcp_len":45.332843134604595,"min_tcp_len":0,"max_tcp_len":116,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":9,"ip.session_id":5,"meta.direction":1,"ip.pkts_per_flow":10,"duration":5.648313045501709,"ip.header_len":200,"ip.payload_len":553,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":69.81635093688965,"time_between_pkts_avg":6.981635093688965,"time_between_pkts_max":40.75908660888672,"time_between_pkts_min":0.0069141387939453125,"time_between_pkts_std":13.743688018729877,"(-0.001, 50.0]":10,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":10,"pkts_rate":1.7704401153834692,"tcp_bytes_per_flow":225,"byte_rate":1.7704401153834692,"tcp.tcp_session_payload_up_len":10,"tcp.tcp_session_payload_down_len":10,"(-0.001, 150.0]":9,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":9,"tcp.urg":0,"sport_g":10,"sport_le":0,"dport_g":10,"dport_le":0,"mean_tcp_pkts":49524,"std_tcp_pkts":0,"min_tcp_pkts":49524,"max_tcp_pkts":49524,"entropy_tcp_pkts":0,"mean_tcp_len":22.5,"std_tcp_len":54.82750728927548,"min_tcp_len":0,"max_tcp_len":175,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":10,"ip.session_id":6,"meta.direction":0,"ip.pkts_per_flow":6,"duration":5.702885866165161,"ip.header_len":120,"ip.payload_len":358,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":2.6907920837402344,"time_between_pkts_avg":0.44846534729003906,"time_between_pkts_max":0.6737709045410156,"time_between_pkts_min":0.16999244689941406,"time_between_pkts_std":0.1723066098036956,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":1.0520989093605393,"tcp_bytes_per_flow":158,"byte_rate":1.0520989093605393,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":1389,"std_tcp_pkts":0,"min_tcp_pkts":1389,"max_tcp_pkts":1389,"entropy_tcp_pkts":0,"mean_tcp_len":26.333333333333332,"std_tcp_len":45.332843134604595,"min_tcp_len":0,"max_tcp_len":116,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":11,"ip.session_id":6,"meta.direction":1,"ip.pkts_per_flow":10,"duration":5.702898979187012,"ip.header_len":200,"ip.payload_len":553,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":51.8951416015625,"time_between_pkts_avg":5.18951416015625,"time_between_pkts_max":42.5260066986084,"time_between_pkts_min":0.010967254638671875,"time_between_pkts_std":13.381491322322049,"(-0.001, 50.0]":10,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":10,"pkts_rate":1.7534941503427386,"tcp_bytes_per_flow":225,"byte_rate":1.7534941503427386,"tcp.tcp_session_payload_up_len":10,"tcp.tcp_session_payload_down_len":10,"(-0.001, 150.0]":9,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":9,"tcp.urg":0,"sport_g":10,"sport_le":0,"dport_g":10,"dport_le":0,"mean_tcp_pkts":49538,"std_tcp_pkts":0,"min_tcp_pkts":49538,"max_tcp_pkts":49538,"entropy_tcp_pkts":0,"mean_tcp_len":22.5,"std_tcp_len":54.82750728927548,"min_tcp_len":0,"max_tcp_len":175,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":12,"ip.session_id":7,"meta.direction":0,"ip.pkts_per_flow":6,"duration":5.751245975494385,"ip.header_len":120,"ip.payload_len":358,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":3.0629634857177734,"time_between_pkts_avg":0.5104939142862955,"time_between_pkts_max":0.9510517120361328,"time_between_pkts_min":0.16689300537109375,"time_between_pkts_std":0.2825283869980548,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":1.043252197100513,"tcp_bytes_per_flow":158,"byte_rate":1.043252197100513,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":1389,"std_tcp_pkts":0,"min_tcp_pkts":1389,"max_tcp_pkts":1389,"entropy_tcp_pkts":0,"mean_tcp_len":26.333333333333332,"std_tcp_len":45.332843134604595,"min_tcp_len":0,"max_tcp_len":116,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":13,"ip.session_id":7,"meta.direction":1,"ip.pkts_per_flow":10,"duration":5.751263856887817,"ip.header_len":200,"ip.payload_len":553,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":29.249906539916992,"time_between_pkts_avg":2.924990653991699,"time_between_pkts_max":25.09307861328125,"time_between_pkts_min":0.0040531158447265625,"time_between_pkts_std":7.84354381453893,"(-0.001, 50.0]":10,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":10,"pkts_rate":1.7387482558331626,"tcp_bytes_per_flow":225,"byte_rate":1.7387482558331626,"tcp.tcp_session_payload_up_len":10,"tcp.tcp_session_payload_down_len":10,"(-0.001, 150.0]":9,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":9,"tcp.urg":0,"sport_g":10,"sport_le":0,"dport_g":10,"dport_le":0,"mean_tcp_pkts":49548,"std_tcp_pkts":0,"min_tcp_pkts":49548,"max_tcp_pkts":49548,"entropy_tcp_pkts":0,"mean_tcp_len":22.5,"std_tcp_len":54.82750728927548,"min_tcp_len":0,"max_tcp_len":175,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":14,"ip.session_id":8,"meta.direction":0,"ip.pkts_per_flow":6,"duration":5.798953056335449,"ip.header_len":120,"ip.payload_len":358,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":2.879619598388672,"time_between_pkts_avg":0.4799365997314453,"time_between_pkts_max":0.7889270782470703,"time_between_pkts_min":0.30493736267089844,"time_between_pkts_std":0.20852394786539466,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":1.0346695242591943,"tcp_bytes_per_flow":158,"byte_rate":1.0346695242591943,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":1389,"std_tcp_pkts":0,"min_tcp_pkts":1389,"max_tcp_pkts":1389,"entropy_tcp_pkts":0,"mean_tcp_len":26.333333333333332,"std_tcp_len":45.332843134604595,"min_tcp_len":0,"max_tcp_len":116,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":15,"ip.session_id":8,"meta.direction":1,"ip.pkts_per_flow":10,"duration":5.798969030380249,"ip.header_len":200,"ip.payload_len":553,"ip.avg_bytes_tot_len":76.9375,"time_between_pkts_sum":44.82555389404297,"time_between_pkts_avg":4.482555389404297,"time_between_pkts_max":41.44406318664551,"time_between_pkts_min":0.0059604644775390625,"time_between_pkts_std":13.007053712083177,"(-0.001, 50.0]":10,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":10,"pkts_rate":1.7244444568699968,"tcp_bytes_per_flow":225,"byte_rate":1.7244444568699968,"tcp.tcp_session_payload_up_len":10,"tcp.tcp_session_payload_down_len":10,"(-0.001, 150.0]":9,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":9,"tcp.urg":0,"sport_g":10,"sport_le":0,"dport_g":10,"dport_le":0,"mean_tcp_pkts":49556,"std_tcp_pkts":0,"min_tcp_pkts":49556,"max_tcp_pkts":49556,"entropy_tcp_pkts":0,"mean_tcp_len":22.5,"std_tcp_len":54.82750728927548,"min_tcp_len":0,"max_tcp_len":175,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":16,"ip.session_id":9,"meta.direction":0,"ip.pkts_per_flow":7,"duration":68.71405792236328,"ip.header_len":140,"ip.payload_len":556,"ip.avg_bytes_tot_len":112.92307692307692,"time_between_pkts_sum":73.06146621704102,"time_between_pkts_avg":10.437352316720146,"time_between_pkts_max":43.47085952758789,"time_between_pkts_min":0.1659393310546875,"time_between_pkts_std":16.19841986383158,"(-0.001, 50.0]":7,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":7,"pkts_rate":0.10187143958095102,"tcp_bytes_per_flow":324,"byte_rate":0.10187143958095102,"tcp.tcp_session_payload_up_len":7,"tcp.tcp_session_payload_down_len":7,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":1,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":6,"tcp.urg":0,"sport_g":7,"sport_le":0,"dport_g":7,"dport_le":0,"mean_tcp_pkts":33869,"std_tcp_pkts":0,"min_tcp_pkts":33869,"max_tcp_pkts":33869,"entropy_tcp_pkts":0,"mean_tcp_len":46.285714285714285,"std_tcp_len":122.46048925498961,"min_tcp_len":0,"max_tcp_len":324,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":17,"ip.session_id":9,"meta.direction":1,"ip.pkts_per_flow":6,"duration":68.71407794952393,"ip.header_len":120,"ip.payload_len":652,"ip.avg_bytes_tot_len":112.92307692307692,"time_between_pkts_sum":758.4524154663086,"time_between_pkts_avg":126.40873591105144,"time_between_pkts_max":746.2551593780518,"time_between_pkts_min":0.007867813110351562,"time_between_pkts_std":303.699653097095,"(-0.001, 50.0]":5,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":0.08731835133416893,"tcp_bytes_per_flow":452,"byte_rate":0.08731835133416893,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":5,"(150.0, 300.0]":0,"(300.0, 450.0]":1,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":2,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":75.33333333333333,"std_tcp_len":182.0897214745156,"min_tcp_len":0,"max_tcp_len":447,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":18,"ip.session_id":10,"meta.direction":0,"ip.pkts_per_flow":7,"duration":5.860044002532959,"ip.header_len":140,"ip.payload_len":567,"ip.avg_bytes_tot_len":123.5,"time_between_pkts_sum":11.189937591552734,"time_between_pkts_avg":1.598562513078962,"time_between_pkts_max":9.113073348999023,"time_between_pkts_min":0.04315376281738281,"time_between_pkts_std":3.3288018675695423,"(-0.001, 50.0]":7,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":7,"pkts_rate":1.1945302794610935,"tcp_bytes_per_flow":335,"byte_rate":1.1945302794610935,"tcp.tcp_session_payload_up_len":7,"tcp.tcp_session_payload_down_len":7,"(-0.001, 150.0]":6,"(150.0, 300.0]":0,"(300.0, 450.0]":1,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":6,"tcp.urg":0,"sport_g":7,"sport_le":0,"dport_g":7,"dport_le":0,"mean_tcp_pkts":43045,"std_tcp_pkts":0,"min_tcp_pkts":43045,"max_tcp_pkts":43045,"entropy_tcp_pkts":0,"mean_tcp_len":47.857142857142854,"std_tcp_len":126.61809845809111,"min_tcp_len":0,"max_tcp_len":335,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":19,"ip.session_id":10,"meta.direction":1,"ip.pkts_per_flow":5,"duration":5.859838008880615,"ip.header_len":100,"ip.payload_len":675,"ip.avg_bytes_tot_len":123.5,"time_between_pkts_sum":22.02606201171875,"time_between_pkts_avg":4.40521240234375,"time_between_pkts_max":20.457029342651367,"time_between_pkts_min":0.02002716064453125,"time_between_pkts_std":8.985440643023418,"(-0.001, 50.0]":5,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":5,"pkts_rate":0.8532659081057316,"tcp_bytes_per_flow":507,"byte_rate":0.8532659081057316,"tcp.tcp_session_payload_up_len":5,"tcp.tcp_session_payload_down_len":5,"(-0.001, 150.0]":4,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":1,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":2,"tcp.ack":5,"tcp.urg":0,"sport_g":5,"sport_le":0,"dport_g":5,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":101.4,"std_tcp_len":223.95267357189556,"min_tcp_len":0,"max_tcp_len":502,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":20,"ip.session_id":12,"meta.direction":1,"ip.pkts_per_flow":2,"duration":83.39634799957275,"ip.header_len":40,"ip.payload_len":386,"ip.avg_bytes_tot_len":213.0,"time_between_pkts_sum":1214.6430015563965,"time_between_pkts_avg":607.3215007781982,"time_between_pkts_max":671.7929840087891,"time_between_pkts_min":542.8500175476074,"time_between_pkts_std":91.1764459710111,"(-0.001, 50.0]":0,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":1,"tcp_pkts_per_flow":0,"pkts_rate":0.0,"tcp_bytes_per_flow":0,"byte_rate":0.0,"tcp.tcp_session_payload_up_len":0,"tcp.tcp_session_payload_down_len":0,"(-0.001, 150.0]":0,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":0,"tcp.rst":0,"tcp.psh":0,"tcp.ack":0,"tcp.urg":0,"sport_g":0,"sport_le":0,"dport_g":0,"dport_le":0,"mean_tcp_pkts":0,"std_tcp_pkts":0,"min_tcp_pkts":0,"max_tcp_pkts":0,"entropy_tcp_pkts":0,"mean_tcp_len":0.0,"std_tcp_len":0.0,"min_tcp_len":0,"max_tcp_len":0,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":21,"ip.session_id":14,"meta.direction":0,"ip.pkts_per_flow":6,"duration":68.69546604156494,"ip.header_len":120,"ip.payload_len":441,"ip.avg_bytes_tot_len":90.4,"time_between_pkts_sum":1445.9733963012695,"time_between_pkts_avg":240.99556605021158,"time_between_pkts_max":962.7029895782471,"time_between_pkts_min":0.2071857452392578,"time_between_pkts_std":402.5342108778456,"(-0.001, 50.0]":4,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":1,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":0.08734200880695146,"tcp_bytes_per_flow":241,"byte_rate":0.08734200880695146,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":5,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":5,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":38889,"std_tcp_pkts":0,"min_tcp_pkts":38889,"max_tcp_pkts":38889,"entropy_tcp_pkts":0,"mean_tcp_len":40.166666666666664,"std_tcp_len":98.387838001791,"min_tcp_len":0,"max_tcp_len":241,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":22,"ip.session_id":14,"meta.direction":1,"ip.pkts_per_flow":4,"duration":68.69494199752808,"ip.header_len":80,"ip.payload_len":263,"ip.avg_bytes_tot_len":90.4,"time_between_pkts_sum":2.202749252319336,"time_between_pkts_avg":0.550687313079834,"time_between_pkts_max":1.5201568603515625,"time_between_pkts_min":0.012874603271484375,"time_between_pkts_std":0.687351194625612,"(-0.001, 50.0]":4,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":4,"pkts_rate":0.05822845006760376,"tcp_bytes_per_flow":127,"byte_rate":0.05822845006760376,"tcp.tcp_session_payload_up_len":4,"tcp.tcp_session_payload_down_len":4,"(-0.001, 150.0]":4,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":4,"tcp.urg":0,"sport_g":4,"sport_le":0,"dport_g":4,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":31.75,"std_tcp_len":63.5,"min_tcp_len":0,"max_tcp_len":127,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":23,"ip.session_id":15,"meta.direction":0,"ip.pkts_per_flow":6,"duration":38.44326400756836,"ip.header_len":120,"ip.payload_len":461,"ip.avg_bytes_tot_len":77.6875,"time_between_pkts_sum":19.03510093688965,"time_between_pkts_avg":3.1725168228149414,"time_between_pkts_max":13.164997100830078,"time_between_pkts_min":0.1919269561767578,"time_between_pkts_std":5.044521521875472,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":6,"pkts_rate":0.15607415641967276,"tcp_bytes_per_flow":261,"byte_rate":0.15607415641967276,"tcp.tcp_session_payload_up_len":6,"tcp.tcp_session_payload_down_len":6,"(-0.001, 150.0]":5,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":6,"tcp.urg":0,"sport_g":6,"sport_le":0,"dport_g":6,"dport_le":0,"mean_tcp_pkts":1389,"std_tcp_pkts":0,"min_tcp_pkts":1389,"max_tcp_pkts":1389,"entropy_tcp_pkts":0,"mean_tcp_len":43.5,"std_tcp_len":86.70351780637277,"min_tcp_len":0,"max_tcp_len":219,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":24,"ip.session_id":15,"meta.direction":1,"ip.pkts_per_flow":10,"duration":38.4432909488678,"ip.header_len":200,"ip.payload_len":462,"ip.avg_bytes_tot_len":77.6875,"time_between_pkts_sum":761.80100440979,"time_between_pkts_avg":76.180100440979,"time_between_pkts_max":714.7719860076904,"time_between_pkts_min":0.011920928955078125,"time_between_pkts_std":224.77535996055343,"(-0.001, 50.0]":9,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":10,"pkts_rate":0.2601234117365416,"tcp_bytes_per_flow":134,"byte_rate":0.2601234117365416,"tcp.tcp_session_payload_up_len":10,"tcp.tcp_session_payload_down_len":10,"(-0.001, 150.0]":10,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":3,"tcp.ack":9,"tcp.urg":0,"sport_g":10,"sport_le":0,"dport_g":10,"dport_le":0,"mean_tcp_pkts":50592,"std_tcp_pkts":0,"min_tcp_pkts":50592,"max_tcp_pkts":50592,"entropy_tcp_pkts":0,"mean_tcp_len":13.4,"std_tcp_len":27.39099608752239,"min_tcp_len":0,"max_tcp_len":84,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":25,"ip.session_id":16,"meta.direction":0,"ip.pkts_per_flow":5,"duration":46.43024301528931,"ip.header_len":100,"ip.payload_len":6039,"ip.avg_bytes_tot_len":557.0,"time_between_pkts_sum":135.1318359375,"time_between_pkts_avg":27.0263671875,"time_between_pkts_max":132.735013961792,"time_between_pkts_min":0.0,"time_between_pkts_std":59.0959572226523,"(-0.001, 50.0]":4,"(50.0, 100.0]":0,"(100.0, 150.0]":1,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":5,"pkts_rate":0.10768843054199649,"tcp_bytes_per_flow":5871,"byte_rate":0.10768843054199649,"tcp.tcp_session_payload_up_len":5,"tcp.tcp_session_payload_down_len":5,"(-0.001, 150.0]":3,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":2,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":5,"tcp.urg":0,"sport_g":5,"sport_le":0,"dport_g":5,"dport_le":0,"mean_tcp_pkts":8080,"std_tcp_pkts":0,"min_tcp_pkts":8080,"max_tcp_pkts":8080,"entropy_tcp_pkts":0,"mean_tcp_len":1174.2,"std_tcp_len":1891.3181117939944,"min_tcp_len":0,"max_tcp_len":4344,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":26,"ip.session_id":16,"meta.direction":1,"ip.pkts_per_flow":7,"duration":46.43027687072754,"ip.header_len":140,"ip.payload_len":405,"ip.avg_bytes_tot_len":557.0,"time_between_pkts_sum":714.2412662506104,"time_between_pkts_avg":102.03446660723004,"time_between_pkts_max":700.1781463623047,"time_between_pkts_min":0.028133392333984375,"time_between_pkts_std":263.79623412766944,"(-0.001, 50.0]":6,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":7,"pkts_rate":0.1507636928267646,"tcp_bytes_per_flow":173,"byte_rate":0.1507636928267646,"tcp.tcp_session_payload_up_len":7,"tcp.tcp_session_payload_down_len":7,"(-0.001, 150.0]":6,"(150.0, 300.0]":1,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":0,"tcp.psh":1,"tcp.ack":6,"tcp.urg":0,"sport_g":7,"sport_le":0,"dport_g":7,"dport_le":0,"mean_tcp_pkts":37756,"std_tcp_pkts":0,"min_tcp_pkts":37756,"max_tcp_pkts":37756,"entropy_tcp_pkts":0,"mean_tcp_len":24.714285714285715,"std_tcp_len":65.38785383059631,"min_tcp_len":0,"max_tcp_len":173,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":27,"ip.session_id":17,"meta.direction":0,"ip.pkts_per_flow":92,"duration":120.50821995735168,"ip.header_len":1840,"ip.payload_len":116110,"ip.avg_bytes_tot_len":880.5864197530864,"time_between_pkts_sum":7864.642143249512,"time_between_pkts_avg":85.4852406874947,"time_between_pkts_max":969.4020748138428,"time_between_pkts_min":0.0,"time_between_pkts_std":201.55711756286004,"(-0.001, 50.0]":73,"(50.0, 100.0]":3,"(100.0, 150.0]":2,"(150.0, 200.0]":0,"(200.0, 250.0]":2,"(250.0, 300.0]":1,"(300.0, 350.0]":2,"(350.0, 400.0]":1,"(400.0, 450.0]":1,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":92,"pkts_rate":0.7634333992532555,"tcp_bytes_per_flow":113158,"byte_rate":0.7634333992532555,"tcp.tcp_session_payload_up_len":92,"tcp.tcp_session_payload_down_len":92,"(-0.001, 150.0]":57,"(150.0, 300.0]":1,"(300.0, 450.0]":1,"(450.0, 600.0]":0,"(600.0, 750.0]":15,"(750.0, 900.0]":18,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":1,"tcp.rst":0,"tcp.psh":39,"tcp.ack":92,"tcp.urg":0,"sport_g":92,"sport_le":0,"dport_g":92,"dport_le":0,"mean_tcp_pkts":4444,"std_tcp_pkts":0,"min_tcp_pkts":4444,"max_tcp_pkts":4444,"entropy_tcp_pkts":0,"mean_tcp_len":1229.9782608695652,"std_tcp_len":2021.1204648877683,"min_tcp_len":0,"max_tcp_len":7240,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":28,"ip.session_id":17,"meta.direction":1,"ip.pkts_per_flow":70,"duration":120.50824785232544,"ip.header_len":1400,"ip.payload_len":23305,"ip.avg_bytes_tot_len":880.5864197530864,"time_between_pkts_sum":256.95061683654785,"time_between_pkts_avg":3.670723097664969,"time_between_pkts_max":60.8830451965332,"time_between_pkts_min":0.0030994415283203125,"time_between_pkts_std":11.492669775461446,"(-0.001, 50.0]":68,"(50.0, 100.0]":2,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":0,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":70,"pkts_rate":0.5808731041030502,"tcp_bytes_per_flow":21069,"byte_rate":0.5808731041030502,"tcp.tcp_session_payload_up_len":70,"tcp.tcp_session_payload_down_len":70,"(-0.001, 150.0]":42,"(150.0, 300.0]":21,"(300.0, 450.0]":2,"(450.0, 600.0]":3,"(600.0, 750.0]":0,"(750.0, 900.0]":2,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":1,"tcp.syn":1,"tcp.rst":1,"tcp.psh":34,"tcp.ack":68,"tcp.urg":0,"sport_g":70,"sport_le":0,"dport_g":70,"dport_le":0,"mean_tcp_pkts":37562,"std_tcp_pkts":0,"min_tcp_pkts":37562,"max_tcp_pkts":37562,"entropy_tcp_pkts":0,"mean_tcp_len":300.98571428571427,"std_tcp_len":1167.2434329123546,"min_tcp_len":0,"max_tcp_len":7240,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1},{"_id":29,"ip.session_id":19,"meta.direction":1,"ip.pkts_per_flow":1,"duration":64.1248528957367,"ip.header_len":20,"ip.payload_len":209,"ip.avg_bytes_tot_len":229.0,"time_between_pkts_sum":394.7908878326416,"time_between_pkts_avg":394.7908878326416,"time_between_pkts_max":394.7908878326416,"time_between_pkts_min":394.7908878326416,"time_between_pkts_std":0.0,"(-0.001, 50.0]":0,"(50.0, 100.0]":0,"(100.0, 150.0]":0,"(150.0, 200.0]":0,"(200.0, 250.0]":0,"(250.0, 300.0]":0,"(300.0, 350.0]":0,"(350.0, 400.0]":1,"(400.0, 450.0]":0,"(450.0, 500.0]":0,"(500.0, 550.0]":0,"tcp_pkts_per_flow":0,"pkts_rate":0.0,"tcp_bytes_per_flow":0,"byte_rate":0.0,"tcp.tcp_session_payload_up_len":0,"tcp.tcp_session_payload_down_len":0,"(-0.001, 150.0]":0,"(150.0, 300.0]":0,"(300.0, 450.0]":0,"(450.0, 600.0]":0,"(600.0, 750.0]":0,"(750.0, 900.0]":0,"(900.0, 1050.0]":0,"(1050.0, 1200.0]":0,"(1200.0, 1350.0]":0,"(1350.0, 1500.0]":0,"(1500.0, 10000.0]":0,"tcp.fin":0,"tcp.syn":0,"tcp.rst":0,"tcp.psh":0,"tcp.ack":0,"tcp.urg":0,"sport_g":0,"sport_le":0,"dport_g":0,"dport_le":0,"mean_tcp_pkts":0,"std_tcp_pkts":0,"min_tcp_pkts":0,"max_tcp_pkts":0,"entropy_tcp_pkts":0,"mean_tcp_len":0.0,"std_tcp_len":0.0,"min_tcp_len":0,"max_tcp_len":0,"entropy_tcp_len":0,"ssl.tls_version":0,"malware":1}], "fields": [{"id": "_id", "type": "int"}, {"id": "ip.session_id", "type": "numeric"}, {"id": "meta.direction", "type": "numeric"}, {"id": "ip.pkts_per_flow", "type": "numeric"}, {"id": "duration", "type": "numeric"}, {"id": "ip.header_len", "type": "numeric"}, {"id": "ip.payload_len", "type": "numeric"}, {"id": "ip.avg_bytes_tot_len", "type": "numeric"}, {"id": "time_between_pkts_sum", "type": "numeric"}, {"id": "time_between_pkts_avg", "type": "numeric"}, {"id": "time_between_pkts_max", "type": "numeric"}, {"id": "time_between_pkts_min", "type": "numeric"}, {"id": "time_between_pkts_std", "type": "numeric"}, {"id": "(-0.001, 50.0]", "type": "numeric"}, {"id": "(50.0, 100.0]", "type": "numeric"}, {"id": "(100.0, 150.0]", "type": "numeric"}, {"id": "(150.0, 200.0]", "type": "numeric"}, {"id": "(200.0, 250.0]", "type": "numeric"}, {"id": "(250.0, 300.0]", "type": "numeric"}, {"id": "(300.0, 350.0]", "type": "numeric"}, {"id": "(350.0, 400.0]", "type": "numeric"}, {"id": "(400.0, 450.0]", "type": "numeric"}, {"id": "(450.0, 500.0]", "type": "numeric"}, {"id": "(500.0, 550.0]", "type": "numeric"}, {"id": "tcp_pkts_per_flow", "type": "numeric"}, {"id": "pkts_rate", "type": "numeric"}, {"id": "tcp_bytes_per_flow", "type": "numeric"}, {"id": "byte_rate", "type": "numeric"}, {"id": "tcp.tcp_session_payload_up_len", "type": "numeric"}, {"id": "tcp.tcp_session_payload_down_len", "type": "numeric"}, {"id": "(-0.001, 150.0]", "type": "numeric"}, {"id": "(150.0, 300.0]", "type": "numeric"}, {"id": "(300.0, 450.0]", "type": "numeric"}, {"id": "(450.0, 600.0]", "type": "numeric"}, {"id": "(600.0, 750.0]", "type": "numeric"}, {"id": "(750.0, 900.0]", "type": "numeric"}, {"id": "(900.0, 1050.0]", "type": "numeric"}, {"id": "(1050.0, 1200.0]", "type": "numeric"}, {"id": "(1200.0, 1350.0]", "type": "numeric"}, {"id": "(1350.0, 1500.0]", "type": "numeric"}, {"id": "(1500.0, 10000.0]", "type": "numeric"}, {"id": "tcp.fin", "type": "numeric"}, {"id": "tcp.syn", "type": "numeric"}, {"id": "tcp.rst", "type": "numeric"}, {"id": "tcp.psh", "type": "numeric"}, {"id": "tcp.ack", "type": "numeric"}, {"id": "tcp.urg", "type": "numeric"}, {"id": "sport_g", "type": "numeric"}, {"id": "sport_le", "type": "numeric"}, {"id": "dport_g", "type": "numeric"}, {"id": "dport_le", "type": "numeric"}, {"id": "mean_tcp_pkts", "type": "numeric"}, {"id": "std_tcp_pkts", "type": "numeric"}, {"id": "min_tcp_pkts", "type": "numeric"}, {"id": "max_tcp_pkts", "type": "numeric"}, {"id": "entropy_tcp_pkts", "type": "numeric"}, {"id": "mean_tcp_len", "type": "numeric"}, {"id": "std_tcp_len", "type": "numeric"}, {"id": "min_tcp_len", "type": "numeric"}, {"id": "max_tcp_len", "type": "numeric"}, {"id": "entropy_tcp_len", "type": "numeric"}, {"id": "ssl.tls_version", "type": "numeric"}, {"id": "malware", "type": "numeric"}], "_links": {"start": "/api/3/action/datastore_search?resource_id=97225c00-8851-4542-b4e0-e42bededdf68", "next": "/api/3/action/datastore_search?resource_id=97225c00-8851-4542-b4e0-e42bededdf68&offset=100"}, "total": 29, "total_was_estimated": false}}