diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-10-05 17:13:24 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-10-05 23:39:11 +0200 |
| commit | 37263112760c796cfa805d1cd2096da0a3407389 (patch) | |
| tree | 95637cc529b8f3222361ab6340ebce383eb2fb77 /test/results/KakaoTalk_chat.pcap.out | |
| parent | a523c348f3580aaf59dd5f82ef8b26d4a0d2ac52 (diff) | |
bump libnDPI to 181a03c5ad41bda533fbfa307627939c2ff30b75
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/KakaoTalk_chat.pcap.out')
| -rw-r--r-- | test/results/KakaoTalk_chat.pcap.out | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out index 8e19d904b..9f612cb54 100644 --- a/test/results/KakaoTalk_chat.pcap.out +++ b/test/results/KakaoTalk_chat.pcap.out @@ -82,7 +82,7 @@ 00424{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":408118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"} 00421{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":415442,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmuEAAPwbpRAoYUryt\/GECiq8Bu\/wa79FgIqtGUBA5CIc5AAA="} 00671{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":422126,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmuUAAPwboiwoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} 00418{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":75659,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="} 00424{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":103644,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACynf0AA+AZvea38YQIKGFK8AbuKr2YOB1z8Gu\/RYBIRHDWiAAACBAV4"} @@ -110,18 +110,18 @@ 00423{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":159674,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"} 00421{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":162268,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="} 00716{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":171973,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQArf0AAPwbwLQoYUrzSZ\/APk70Bu6\/qIaRguq0MUBg5CN2\/AAAWAwEA0wEAAM8DAVU9HyfJAvY\/iCLGWBYFY6M34NB+ZLfXCieB9l4jqbmhICKG\/HsNhwdjbCYE9375OW83ETGox9gGaZ9Lj69f7wR6AEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="} -00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00423{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":201514,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgbNgNJn8A8KGFK8AbuTvWC6rQyv6iGkYBClZGRQAAABAQEB"} 00419{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":219794,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgcBkAAjwawftJn8A8KGFK8AbuTvWC6rQyv6iJ8UBCkjHZWAAA="} 02147{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":296057,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSgcB0AAjwarfdJn8A8KGFK8AbuTvWC6rQyv6iJ8UBCkjCrpAAAWAwEAUQIAAE0DAVU9HybSxelSaq+pzmyJ9iH7XTYBi90VegBpgRmAoaXMIG1yJoOhsfxA3WeIW6NaHJC+xs4pmCDhwQX3Hd61kRPCAC8AAAX\/AQABABYDAQ1cCwANWAANVQAEkzCCBI8wggN3oAMCAQICEHBxAlA9e78ophcAJA6JZewwDQYJKoZIhvcNAQEFBQAwPDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEWMBQGA1UEAxMNVGhhd3RlIFNTTCBDQTAeFw0xNDA0MTgwMDAwMDBaFw0xNjA0MTcyMzU5NTlaMGUxCzAJBgNVBAYTAktSMRQwEgYDVQQIEwtHeWVvbmdnaS1kbzEUMBIGA1UEBxQLU2VvbmduYW0tc2kxFDASBgNVBAoUC0tha2FvIENvcnAuMRQwEgYDVQQDFAsqLmtha2FvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdBgTNDUchcOlqz4AjXSOi\/BcjY+nqEiKfppHMuXJO3yGAFmWhd9O+QBCm8FcKZId9u+XO\/um9F0vmt2qfDKgWEZzJg9B6SDfGolTUXhgk+nFdcE+S86ZtHITX7kSDXzmWcPrT6RJ0PN551hp\/GdJ+xmFbpNL2nv+CJCtbz92qR+yKEPTqSSnlzR89VsAXsBFgk4O0PitPyU2Xtqz+5c\/enf99utZy\/VMz7gvdC\/aVXMBorKXtqwbf1dxYqtxp6htoLhcZBYya6Lxnd54fIw4rshOg27mE5Bn7MAbOHc0PO94q1KalkWJCTnyw3svUS+OZW13LZpEW5Hgu\/jjQaMR8CAwEAAaOCAWIwggFeMBYGA1UdEQQPMA2CCyoua2FrYW8uY29tMAkGA1UdEwQCMAAwQgYDVR0gBDswOTA3BgpghkgBhvhFAQc2MCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzLzAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAUp6KDuzRFQD381TBPErk+oQGf9tswOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1vdi1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGkGCCsGAQUFBwEBBF0wWzAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3RlLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3N2ci1vdi1haWEudGhhd3RlLmNvbS9UaGF3dGVPVi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAEvk4yJ5GQZJjDzFLUrMFlBcD5uqP2DKwtFXXOSxaOkky94i9Uhfy7m06\/v4+iOEZVwfFAhpzoTNlly1sPZpMgJyCJ9X4jAYQgiUFyR8fKM\/armugJYR4o3GxrpmZILs6uldpFhtPBRUKSKU0yMcXueyHm\/2X+ml5UR1JeYCWg8gFnncL\/IN7BuZa9Gf6J0+hJSZeIXsEPg15pir43Yi0sJuk7IYfyqYMnMjaGDs7p8Ad+KYYTNX0gD8K9dUkSsuPJJaD9fOM2mjg5ypvUtvrvd6E\/aWowgetkckYpQ9D\/YTqpvJ4IELD8pwbZBD9NSYbX1EPo0PjwPS0vsgCoPcqFkABHAwggRsMA=="} -00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} +00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}} 00646{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":300360,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":224,"pkt_l4_len":188,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAANAcCEAAjwav1NJn8A8KGFK8AbuTvWC6sgyv6iJ8UBikjBF9AACCA1SgAwIBAgIQTV8sNAiyTCDNbVB+JE3J7DANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcmk="} 02143{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":301276,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSgcCUAAjware9Jn8A8KGFK8AbuTvWC6srSv6iJ8UBCkjBhFAAB6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjA8MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1UaGF3dGUgU1NMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeSFW3ZJfS8F2MWsyMip09yY5tc0pi8M8iIm2KPJFEyPBaRF6BQMWJAFGrfFwQalgK+7HUlrUjSIw1nn72vEJ0GMK2Yd0OCjl5gZNEtB1ZjVxwWtouTX7QytT8G1sCH9PlBTssSQ0NQwZ2ya8Q50xMLciuiX\/8mSrgGKVgqYMrAAI+yQGmDD7bs6yw9jnw1EyVLhJZa\/7VCViX9WFLG3YR0cB4w6LPf\/gN45RdWvGtF42MdxaqMZpzJQIenyDqHGEwNESNFmqFJX1xG0k4vlmZ9d53hR5U32t1m0drUJN00GOBN6HAiYXMRISstSoKn4sZ2Oe3mwIC88lqgRYke7EQIDAQABo4H7MIH4MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3RlLmNvbTASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EuY3JsMA4GA1UdDwEB\/wQEAwIBBjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItOTAdBgNVHQ4EFgQUp6KDuzRFQD381TBPErk+oQGf9tswHwYDVR0jBBgwFoAUe1tFz6\/Oy3r9MZIaarbzRutXSFAwDQYJKoZIhvcNAQEFBQADggEBAIAigOBsyJUW11cmh\/NyNNvGclYnPtOW9i4lkaU+M5enS+Uv+yV9Lwdh+m+DdExMU3IgpHrPUVFWgYiwbR82LMgrsYiZwf5Eq0hRfNjyRGQq2HGn+xov+RmNNLIjv8RMVR2OROiqXZrdn\/0Dx7okQ40tR0Tb9tiYyLL52u\/tKVxpEvrRI5YPv5wN8nlFUzeaVi\/oVxBw9u6JDEmJmsEj9cIqzEHPIqtlbreUgm0vQF9Y3uuVK6ZyaFIZkSqudZ1OkubK3lTqGKslPOZkpnkfJn1h7X3S5XFV2JMXfBQ4MDzfhuNMrUnjl1nOG5srztxl1Asoa06ERlFE9zMILViXIa4ABEkwggRFMIIDrqADAgECAhAzZVAIea1z4jC54B0Nf6yRMA0GCSqGSIb3DQEBBQUAMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wHhcNMDYxMTE3MDAwMDAwWhcNMjAxMjMwMjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDA=="} 00422{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304267,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgEAAPwbxBAoYUrzSZ\/APk70Bu6\/qInxgurIMUBBBANTiAAA="} 00422{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304419,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgUAAPwbxAwoYUrzSZ\/APk70Bu6\/qInxgurK0UBBLAMo6AAA="} 00422{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304541,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgkAAPwbxAgoYUrzSZ\/APk70Bu6\/qInxgure0UBBVALs6AAA="} 01491{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":336219,"pkt_caplen":848,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":848,"pkt_l4_len":812,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA0AcCkAAjwatYtJn8A8KGFK8AbuTvWC6t7Sv6iJ8UBikjPhiAAB0aGF3dGUsIEluYy4xKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAyMDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN\/wLMxnCd3\/MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm\/rWt0RjSiaXISQEHoNvXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+680iJgDblbnd+6\/FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbVL5HMfHFyHMXAZ+sy\/cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5uKWn7OUkmHgmlgHtALevoJ4XJ\/mH9fuZ8lx3VnQIDAQABo4HCMIG\/MA8GA1UdEwEB\/wQFMAMBAf8wOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUe1tFz6\/Oy3r9MZIaarbzRutXSFAwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1TZXJ2ZXJDQS5jcmwwDQYJKoZIhvcNAQEFBQADgYEAhKhMyT4qvJrizI8LsiV3xGGJiWNa1KMVQNT7Xj+0Q+pjFytrmXSeCajd1FYVLnp5MV9jllMbNNkV6k9tcMq+9oKp7dqFd8x2HGqBCiHYQZl\/Xi6Cweiq95OBBaqStB+3msAHF\/XLxrRMDtdW3HEgdDjWdMbWj2uvi42gbCkLYeAWAwEABA4AAAA="} -01068{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","issuerDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} +01077{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","issuerDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}} 00422{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":338782,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrg0AAPwbxAQoYUrzSZ\/APk70Bu6\/qInxgurrMUBBfAK4iAAA="} 00671{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":435553,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmu0AAPwboiQoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 00872{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":469611,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":382,"pkt_l4_len":346,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAW4rhEAAPwbvugoYUrzSZ\/APk70Bu6\/qInxgurrMUBhfAMGpAAAWAwEBBhAAAQIBADHdbtJlVbXP2Me7Ma38p8XS6wSYh+\/vRpK9j6DRf1Em2AM+p7cPSuHY5QUwZ\/vwXG2x7mxyFDwbjTwb2PkmLKI0Ump3aTqTXtuVvVcmhMuWwXk\/DYR4pH2OX1XBOeo\/Pl5TLZglBYU+GsVJLft7PxMPGUXzRakDmG1RVyWwtRalnuwhD\/2Wl\/d1cIBeHJgGzssBXyvaiJaQBQltboVO3gfTXEKif8kN82LDfp7K9ACWYOf4VJAJao0vd3J\/3TvD6jcRgL4U61zLvcOB3Q4flQVIgizBtDjwsIjlNTLEqD0a5DQSjhsPbnCyYELZRdQqR5Xfu5wCvBQnnYeZBa4Y\/EMUAwEAAQEWAwEAMF6qtHnfxQkE14fW7bitUio1+IL\/sCxOok+D\/0MblfYd\/OMJ36oREYUVEOQtHf30uw=="} @@ -143,12 +143,12 @@ 00447{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":703253,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"} 00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 02139{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":731635,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShea0AAjwYckq38YQIKGFK8AbuKr2Aiq0b8GvCJUBCkrNGhAAAWAwEAWQIAAFUDAcFMnoqnHL28zylfQXnHbXmp7QB2K0I4OCMnBtyhT5SjIFTmkW2W6o96+hlbztXJU76jJJdvgLhMP+5whOTkeNqTwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="} -00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 00422{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":734564,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmvEAAPwbpQAoYUryt\/GECiq8Bu\/wa8IlgIrBGUBBBAHmJAAA="} 02145{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":736182,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShebEAAjwYcka38YQIKGFK8AbuKr2AisEb8GvCJUBikrPVJAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdA=="} 00422{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":738959,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmvUAAPwbpPwoYUryt\/GECiq8Bu\/wa8IlgIrVGUBBLAGqJAAA="} 01758{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":740271,"pkt_caplen":1043,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1043,"pkt_l4_len":1007,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABANebUAAjwYdta38YQIKGFK8AbuKr2AitUb8GvCJUBikrC7tAAAAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwEAkQwAAI0DABdBBCtei6pkF7Ihh30IlrkbI+Jxsm\/uAJzeAG6PzBdnOYxE93dfr7QSlu6Nhr9NHU6o1tSsjje+a+kR8pWVe5KLt7wARjBEAiAujbLM+nBgQ9DDXGA8FkGLsmIMEPacaLMIplt6Au\/T6wIgL0KqIWGzS1CoXQgv8AKWMtRyntVQDAdRrg\/X2+gj5\/oWAwEABA4AAAA="} -01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01609{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00505{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":748175,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="} 00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}} 00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1430069030751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} @@ -250,7 +250,7 @@ 00422{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":8002,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"} 00420{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":10596,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="} 00670{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":12946,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODw10AAPwaKCwoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBg5CMwfAAAWAwEAswEAAK8DAVU9Hy2pPPfpWbhIjMHHKuGu\/26IDUvEFU2avrf56FfmAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00423{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":49811,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8AbuwnWIYU8J1uP30YBClZFxUAAABAQEB"} 00419{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":50513,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChrjUAAjwbADR8NRFQKGFK8AbuwnWIYU8J1uP6sUBCkrG5aAAA="} 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1430069036068,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} @@ -258,9 +258,9 @@ 00424{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":109870,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"} 00421{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":113928,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="} 00670{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":116156,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOAqTEAAPwak+QoYUryt\/GECircBu1PEJ3tm6OliUBg5CCGEAAAWAwEAswEAAK8DAVU9Hy3lr9PhuC3NcwOeJGoglIkRSauG++7JURnxbEvJAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} -00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 02141{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":121375,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShrjkAAjwa7DB8NRFQKGFK8AbuwnWIYU8J1uP6sUBCkrFqtAAAWAwEAWQIAAFUDAa6R6RRKXfxddbtVAoidxSBrGSP+zxabD35QT5IWWmgIIEx+M4v6kMYdK9rfFgx\/4oOFoeXKuOJVavGbS+sm\/keqwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="} -00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 00580{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":122016,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":174,"pkt_l4_len":138,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJ5rj0AAjwa\/lR8NRFQKGFK8AbuwnWIYWMJ1uP6sUBikrOyQAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBF"} 00421{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":125067,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw2EAAPwaKwgoYUrwfDURUsJ0Bu3W4\/qxiGFjCUBBBAM0GAAA="} 00422{"flow_id":33,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":125220,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw2UAAPwaKwQoYUrwfDURUsJ0Bu3W4\/qxiGFk4UBBBAMyQAAA="} @@ -269,16 +269,16 @@ 00424{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":149329,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgaA+a38YQIKGFK8AbuKt2bo6WJTxCd7YBClZDSaAAABAQEB"} 00420{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":160590,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChRFkAAjwYu5638YQIKGFK8AbuKt2bo6WJTxCgzUBCkrEagAAA="} 01596{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":179969,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":926,"pkt_l4_len":890,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA45rkUAAjwa8ox8NRFQKGFK8AbuwnWIYXjh1uP6sUBikrNHEAAAAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB0GA1UdDgQWBBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zANBgkqhkiG9w0BAQUFAAOCAQEAHuKlSJ5s21M4D++mGiqs4gND7Zq8Po51G\/D9LiJZrBPAYeLn+umZzYcJdVQov0Zg3L5RLJLzG5F8MQhw4je5wVuovaMLAPsaFf0DrVhqxcckmUhHRjEeku+0X040x5C\/McH4sYSG0JwBqt+KVgbOOukOrpd0XddxmkJ0X96NQ3ze6VXtaQDLBeB6YWEz0RlN+QjuoDnFJTW3K8QPst3xpbcOJMQmKI15d\/Uv8Fe6fAfU4fzNWjBXfoYQR90xH9f8osK\/MHxdJKro+a5fanTCzmuzRtghvinUjl4V1kJK5zJvpLFrUYNYvj9tx\/vaAyHLahYZTgrwrYTKXZSzWnb3YRYDAQCSDAAAjgMAF0EExrvVjJmskxsxl7za+fyJjy8jLZ01HW0zf5npTx\/6GWLGRG3SXO5Gg1gOG8smi\/NyV\/PxGGRbia0CMA7d76Yv2ABHMEUCIHzwDcwFMpxVP\/8am4nZhxz0QnCrvWisp422CWpoZBYUAiEA6zngcC34dn3Gt0qUcGhAjS8GTzhESSBXNqyC\/12rLOcWAwEABA4AAAA="} -01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01609{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00422{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":183936,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw20AAPwaKvwoYUrwfDURUsJ0Bu3W4\/qxiGGGeUBBVALAqAAA="} 00801{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":184027,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUOiUUAArQZqEh8NRFQKGFK8AFCStWTibgTNKqFHUBj\/\/1uiAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogbnRKRXA0ZXcwOHRBWkdWd2J0SHdUZzhPVFBDbGd3RHI1V1FlTXJkYitCazA1eEpaZkMxaXVjb1NpaWd3RG94NUZzcjJjQ2txSmN3MHBUN1FMS1dUY0E9PQ0KRGF0ZTogU3VuLCAyNiBBcHIgMjAxNSAxNzoyMzo1NiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 00420{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":185828,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlkAAPwbOBAoYUrwfDURUkrUAUM0qoUdk4m8fUBA8uN1tAAA="} 00589{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":247321,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":178,"pkt_l4_len":142,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAKLw3EAAPwaKRAoYUrwfDURUsJ0Bu3W4\/qxiGGGeUBhVAPcpAAAWAwEARhAAAEJBBKEasiyUo2ANNASkr2uadAhqkbscFf9u1KOWllAbNFBDhtdLmgUrZUpTT7pczUwTMUMatVuEPWFyZE1dHeDqmuYUAwEAAQEWAwEAJGIfRucykgPyI9pqoL2jesB+lmMfcHzlLfb88ABcRl7sHSXOIg=="} 02140{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":608985,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShRF0AAjgYq5q38YQIKGFK8AbuKt2bo6WJTxCgzUBCkrMtIAAAWAwEAWQIAAFUDAbZyuIuZl37RA6xhj4YdGRy7e\/k0fSBIfmPHpvdYA0LwIGHGz3CMoqyAqySUoSyZbEmdkTnwkbEEIcyIOcde2TVPwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="} -00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} +00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}} 02145{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":609168,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShRGEAAjgYq5a38YQIKGFK8AbuKt2bo7mJTxCgzUBCkrCEVAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdA=="} 01755{"flow_id":34,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":612036,"pkt_caplen":1043,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1043,"pkt_l4_len":1007,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABANRGUAAjgYsCa38YQIKGFK8AbuKt2bo82JTxCgzUBikrEovAAAAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwEAkQwAAI0DABdBBF6hk1Yewa00uIJUS1f8EGQdfuetE3UDgcfK1KuF8DJSBKJSEPoE6VPxncMmJsPNt5F\/a0hmJ8KTbudHBxzPJocARjBEAiANHy3l9Wg1jYhXx6qsp9jjZzbvcPiJcvxfW51qSwHb9gIgMOMuVzo3DjBChuJlhLhS4A5pSe4rOcJyYLqIsIe8xbAWAwEABA4AAAA="} -01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} +01609{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}} 00422{"flow_id":34,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":614905,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqTUAAPwalsAoYUryt\/GECircBu1PEKDNm6O5iUBBBAKVMAAA="} 00422{"flow_id":34,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":615088,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqTkAAPwalrwoYUryt\/GECircBu1PEKDNm6PNiUBBLAJZMAAA="} 00422{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":615210,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqT0AAPwalrgoYUryt\/GECircBu1PEKDNm6Pc9UBBVAIhxAAA="} @@ -332,7 +332,7 @@ 00450{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186194,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="} 00438{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186682,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="} 00547{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":201697,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="} -00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00439{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":294684,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="} 02306{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":299933,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaAUu0AALgahAjb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqHKAAABAQgKNOib\/AACo2cWAwEGtQIAAEYDAVU9H1Gb\/qiDm98eXfIJxb4shEK1GhPjZeBEv8P67\/0aIFU9H1G382hmASwGnCuJDP0Mh2TynvUtxumEykegoF7eAAQACwAGYwAGYAADPjCCAzowggKjoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgaQxCzAJBgNVBAYTAktSMRQwEgYDVQQIDAtHeWVvbmdnaSBkbzEOMAwGA1UEBwwFU3V3b24xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTAeFw05OTEyMzExNTA1MDRaFw00OTEyMTgxNTA1MDRaMIGUMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsyrNiMIXJ++fpsiI08sYxPZbKOY56a37f6J9ViQReAUe3UWF2fdOff49ukAjUISbhahOinbZux+ildb7qUyHJVHQXanBrQsLoODvfOiws0bRofk+EjA3+puR1KI8EgNDCJfkzYF40k16LBiMv6fKIGXOV6sbZciKSSDD+AX5+08CAwEAAaOBiTCBhjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHQ6IKqRzfLkHpPDYYWaWWRoHaGswHwYDVR0jBBgwFoAUWMjZPBPgzaBussvwASa64F2DMFEwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBALo4j8DvDTq0WR5v2UJovDtyilA1Zel1mK2n\/GtzjEjxAUkMxaGxxxnaEWdSVH0\/0pG7jG3ieJSWSLWW4HdJJ+ZytoamKq2k87O5sF5LkM+ZGg+UlFyFpcvLuYXtbZHa4CFAnYmBZ5nQNz06gzWDYU9\/yRhZSf2unf7zNha\/BodKAAMcMIIDGDCCAoGgAwIBAgIJAPMld7YDENSnMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xDjAMBgNVBAcMBVN1d29uMSUwIwYDVQQKDBxTQU1TVU5HIEVMRUNUUk9OSUNTIENPLiwgTFREMR4wHAYDVQQDDBUqLnB1c2guc2Ftc3VuZ29zcC5jb20xKDAmBgkqhkiG9w0BCQEWGWFkbWluQHB1c2guc2Ftc3VuZ29zcC5jb20wHhcNOTkxMjMxMTUwMjEwWhcNNDkxMjE4MTUwMjEwWjCBpDELMAkGA1UEBhMCS1IxFDASBgNVBAgMC0d5ZW9uZ2dpIGRvMQ4wDAYDVQQHDAVTdXdvbjElMCMGA1UECgwcU0FNU1VORyBFTEVDVFJPTklDUyBDTy4sIExURDEeMBwGA1UEAwwVKi5wdXNoLnNhbXN1bmdvc3AuY29tMSgwJgYJKoZIhvcNAQkBFhlhZG1pbkBwdXNoLnNhbXN1bmdvc3AuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS\/wx087bX6AA7bz\/rPd\/AOtm8g1ebRfENevGCnMrnUw=="} 00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15} @@ -383,9 +383,9 @@ ~~ total detected protocols..: 29 ~~ total active/idle flows...: 39/39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 2169226 bytes -~~ total memory freed........: 2169226 bytes -~~ total allocations/frees...: 35996/35996 +~~ total memory allocated....: 2112754 bytes +~~ total memory freed........: 2112754 bytes +~~ total allocations/frees...: 36009/36009 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 140 chars ~~ json string max len.......: 2311 chars |