author | Toni Uhlig <matzeton@googlemail.com> | 2025-03-05 19:00:23 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2025-03-06 19:00:23 +0100 |
commit | ae95c95617d3716abcfbcc93742f6652e44d151c (patch) | |
tree | fb07186390ebc402a34aa212986ee4a0d0e44ea1 /test/results/default/tls_certificate_too_long.pcap.out | |
parent | 42c54d3755a84dfaf741157fe83c94b0b15fb296 (diff) |
* fix API issue with a changed function signature
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/tls_certificate_too_long.pcap.out')
-rw-r--r-- | test/results/default/tls_certificate_too_long.pcap.out | 116 |
1 files changed, 58 insertions, 58 deletions
diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out
index 488cadce2..f24a08583 100644
--- a/test/results/default/tls_certificate_too_long.pcap.out
+++ b/test/results/default/tls_certificate_too_long.pcap.out
@@ -1,5 +1,5 @@ -00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
+00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -39,41 +39,41 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077017862,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":170,"pkt_l4_len":116,"thread_ts_usec":1626168077017862,"pkt":"MzMAAAD76qnehSPOht1gCggAAHQR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QB0UZMAAAAAAAIAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAcAMAAwAAQAAEZQACAVNQlByb8AMAAApBaAAABGUABIABAAOALpqv2tNWDvqqd6FI84="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077413785,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077413785,"pkt":"WNVuaKQA8BiYFWV8CABFAABAe7EAAEARLMvAqAF5CAgICNkPADUALCfrXeUBAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQAB"} -01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077413785,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077413785,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077415370,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077415370,"pkt":"WNVuaKQA8BiYFWV8CABFAABA7DEAAEARvErAqAF5CAgICNJ8ADUALMmVww0BAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQAB"} -01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077415370,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077415370,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1626168077439746,"pkt":"8BiYFWV8WNVuaKQACABFAAC9hRIAAHgR6uwICAgIwKgBeQA10nwAqSezww2BgAABAAMAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAANmgAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAARUANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTItZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8BbAAEAAQAAAAQABChxCi8="} 
-01140{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168077439746,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["40.113.10.47,ttl=4"]}}} +01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168077439746,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["40.113.10.47,ttl=4"]}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077441399,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_usec":1626168077441399,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="} 
-01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077441399,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} +01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077441399,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077469097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077469097,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077469097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077469097,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1626168077486637,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="} -01120{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168077486637,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}} 
+01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168077486637,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077506382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077506382,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077506382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077506382,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1626168077507825,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="} 
-01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168077507825,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} +01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168077507825,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077517315,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077517411,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077517411,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077517977,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KWAbtjvPcx2r1+vlAYEAD30wAAFgMBAgABAAH8AwNkegAS3SJdh+Ps6UKG9MyXAf0SRqbWmWVBhQp\/VOVADSDgVOCn66tcEgqkfLL0mp6O7VxhxdDeiMyDL+q388p15AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfVpaAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqqqgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmqqgABAAAdACAJu3qSxuQsxDbpNVWddZpTF2zJ6kWp8q3j+IxIhWZeHwAtAAIBAQArAAsKGhoDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077517977,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077517977,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077557557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077557625,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077557625,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077557905,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KXAbtENsV1fW7dVFAYEAAkCwAAFgMBAgABAAH8AwNPLclcNOiYyKfkFUFX9CBTeYItyA+K1YMdY+Waaxu8GiAZcvK6JMhkcMeFF\/bogwVRv4DlHl2J+vNEetT4N0HCDAA2amoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqKigAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmKigABAAAdACDwwbzb63uhezmRq24dKuSGOD4717wf5fUd\/9x8ZXG6RQAtAAIBAQArAAsKWloDBAMDAwIDAbq6AAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01261{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077557905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077557905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077565896,"pkt":"8BiYFWV8WNVuaKQACABFAAXQQHJAAG0G0vQocQovwKgBeQG70pbavX6+Y7z5NlAQCANxtAAAFgMDDxACAABaAwNg7VsNiz+wizixR9j60nU5wQVw\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01900{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077565902,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077565902,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1626168077590364,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="} 
-01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590442,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1626168077590442,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/el4AAEARLh\/AqAF5CAgICOMxADUAK47tCy8BAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="} 
-01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590442,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590442,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1626168077604344,"pkt":"8BiYFWV8WNVuaKQACABFAAETO6UAAHgRNAQICAgIwKgBeQA1yKQA\/zFnycWBgAABAAMAAQAAA3d3dwltaWNyb3NvZnQDY29tAABBAAHADAAFAAEAAAelACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAHAANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAZABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKgABgABAAAAMgAxBm4wZHNjYsCtCmhvc3RtYXN0ZXIGYWthbWFpwBpg7VdYAAAD6AAAA+gAAAPoAAAHCA=="} -01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168077604344,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}} +01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168077604344,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604858,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168077604858,"pkt":"WNVuaKQA8BiYFWV8CABFAABIwDAAAEAR6EPAqAF5CAgICNkaADUANI8rXZMBAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAE="} 
01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604858,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 
@@ -81,39 +81,39 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168077604997,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="} 01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604997,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077607577,"pkt":"8BiYFWV8WNVuaKQACABFAAXQihNAAG0GiVMocQovwKgBeQG70pd9bt1URDbHelAQCAMVNQAAFgMDDxACAABaAwNg7VsNrUHv7aK8m51exLCgb9UXgehWdrwaasjq\/kZHuSBKRQAAJAFMO\/\/9EucIis19X6Ej2yC9TNEzZ7sX6gMxycAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01900{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077607612,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077607612,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1626168077619979,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"} 01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168077619979,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077620854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077620854,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077620854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077620854,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"} 
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1626168077622136,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="} -01138{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168077622136,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}} 
+01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168077622136,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077632344,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077632420,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077632420,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1626168077632855,"pkt":"WNVuaKQA8BiYFWV8CABFAAEHAABAAEAGU8\/AqAF5AhYh69KYAFDHEa2zFW1yB4AYCAp9hQAAAQEICj3R+QegBBfWR0VUIC9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNydCBIVFRQLzEuMQ0KSG9zdDogd3d3Lm1pY3Jvc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LWl0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IGNvbS5hcHBsZS50cnVzdGQvMi4wDQoNCg=="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077632855,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} +01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077632855,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1626168077633946,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"} 01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168077633946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077643688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077643688,"pkt":"8BiYFWV8WNVuaKQACABFAAA0bRxAADkG7oUCFiHrwKgBeQBQ0pgVbXIHxxGuhoAQAfzP6QAAAQEICqAEF+I90fkH"} -01447{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} +01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077660456,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077660456,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077670653,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077670728,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077670728,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"} 00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1626168077671150,"pkt":"WNVuaKQA8BiYFWV8CABFAAEJAABAAEAGU83AqAF5AhYh69KZAFBWi1SlxUZcNoAYCAqtegAAAQEICj3R+SqAXqM6R0VUIC9wa2lvcHMvY2VydHMvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3J0IEhUVFAvMS4xDQpIb3N0OiB3d3cubWljcm9zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogaXQtaXQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogY29tLmFwcGxlLnRydXN0ZC8yLjANCg0K"} 
-01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} +01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077680554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077680554,"pkt":"8BiYFWV8WNVuaKQACABFAAA0kqtAADkGyPYCFiHrwKgBeQBQ0pnFRlw2VotVeoAQAfyTkwAAAQEICoBeo0Q90fkq"} -01449{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} +01458{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168077734028,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077734028,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1626168077735142,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="} 
-01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_usec":1626168077749239,"pkt":"8BiYFWV8WNVuaKQACABFAACzStAAAHkRJDkICAgIwKgBeQA1\/r0An7qJTnCBgAABAAYAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAHADAAFAAEAAAR8ABUIdGltZS1vc3gBZwdhYXBsaW1nwB3AMgABAAEAAANFAAQR\/Tb7wDIAAQABAAADRQAEEf1s\/cAyAAEAAQAAA0UABBH9bH3AMgABAAEAAANFAAQR\/TZ7wDIAAQABAAADRQAEEf02fQ=="} -01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168077749239,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.54.251,ttl=837","17.253.108.253,ttl=837","17.253.108.125,ttl=837","17.253.54.123,ttl=837"]}}} +01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168077749239,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.54.251,ttl=837","17.253.108.253,ttl=837","17.253.108.125,ttl=837","17.253.54.123,ttl=837"]}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077750362,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168077750362,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00979{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077750362,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} +00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077750362,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077780464,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168077780464,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077848613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1626168077848613,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="} 00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077848613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1626168077848613,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -152,18 +152,18 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079206860,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079207008,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079207008,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"} 
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079207901,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KaAbvsuittZB61d1AYEACJCgAAFgMBAgABAAH8AwMDKPIIMryvI0pEIYfkwpdZziP1ocCKGJOQqDIxBQeYkCDt7fbkdmYliTmJGei2O++fHAfoNoC5YkkDcTx0aHwyCgA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAoKCgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBRl1S9svmUTgvrEZzkNMujiVqHzc70acKshZGFVJo2UAAtAAIBAQArAAsK6uoDBAMDAwIDAWpqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079207901,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079207901,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079243524,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079243607,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079243607,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079243987,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KbAbvR3yLyxIkucVAYEABrKgAAFgMBAgABAAH8AwO1hBGpy3+S+rRxjgLBoJRVX7qoCeE+Ka2HorEpSKj6nCDqF1HdOAmp+O3EFYLMuwKar2f6dybtNo9WKAZ2qmv1OQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqamgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmamgABAAAdACAOdhFnUVLJQSE5jPczjbh5JY+1ipK3sAvXRLyv18O4ewAtAAIBAQArAAsKenoDBAMDAwIDAQoKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079243987,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079243987,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079255800,"pkt":"8BiYFWV8WNVuaKQACABFAAXQJA5AAG0G71gocQovwKgBeQG70ppkHrV37LotclAQCAMYcQAAFgMDDxACAABaAwNg7VsPNbhpFtTs7XlFPY0F\/axpZerVj9YBcE+6IZbpaCDaJAAAnEXh\/2sue2V5EkUlKI\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079255807,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079255807,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079296976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079296976,"pkt":"8BiYFWV8WNVuaKQACABFAAXQS\/RAAG0Gx3IocQovwKgBeQG70pvEiS5x0d8k91AQCANyPQAAFgMDDxACAABaAwNg7VsP3ihfIbejS7d9r9O+Hbrzpqz3vHyWDIaorK6SRyBlFwAAe5OeINT99eUZefJSf4c9dr\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079297042,"flow_dst_last_pkt_time":1626168079297122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079297122,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079297042,"flow_dst_last_pkt_time":1626168079297122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079297122,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168079361941,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} +00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079391889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168079391889,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168078677309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1626168079653752,"pkt":"WNVuaKQA8BiYFWV8CABFAABHgX8AAEARJvbAqAF5CAgICMseADUAM5vfbTUBAAABAAAAAAAAAjE4AzE2MwI5OAI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079905490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079905490,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -173,18 +173,18 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079957007,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079957076,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079957076,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"} 
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079957351,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KcAbuMyd8Dbs76zlAYEABDlgAAFgMBAgABAAH8AwMgbPK9I4TzFoyQdXNftSqLtc4HmFOyqsEZQJHzzYzlriAqNEHSztqcrM\/D+veI5\/m+1rARfQ5p00F5SiZjrJVo+AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfUpKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAApaWgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArAClaWgABAAAdACB6JGjBUt+g7AvFg+oGELCVd0olZyOpZz8HyaRohlR6AwAtAAIBAQArAAsK2toDBAMDAwIDAVpaAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079957351,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079957351,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079937697,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079986558,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079986635,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079986635,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079986894,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KdAbvq1sJSd7qmPVAYEACgHwAAFgMBAgABAAH8AwOafk3P0X6QUcg58fAxSEB8O5EwTuSV\/5piw2ufBOQSYCDrIYHGunI6VpocdN6m2fIsEnR2dW7f2uA5iXmzb9sA0AA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAArq6gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACnq6gABAAAdACCtOcDu7VvNq8oOkM1M85JEhe8H5v1SSt5Ji5AGSpEzHgAtAAIBAQArAAsKuroDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079986894,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079986894,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168080007051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080007051,"pkt":"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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080007157,"flow_dst_last_pkt_time":1626168080007331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080007331,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080007157,"flow_dst_last_pkt_time":1626168080007331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080007331,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080036867,"pkt":"8BiYFWV8WNVuaKQACABFAAXQTOZAAG0GxoAocQovwKgBeQG70p13uqY96tbEV1AQCAPSSgAAFgMDDxACAABaAwNg7VsQPRGFUXV4NTK5nbpfGxvlr4YbH3NCue852uw1MyDiJQAAknLiqu\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080036872,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080036872,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080092272,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} +00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}} 
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080122102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080122102,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080539548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080539548,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080539548,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168080539548,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"} 
@@ -193,18 +193,18 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080587652,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080587719,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080587719,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"} 
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080587994,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KeAbvRcN5tICOQClAYEAAMdQAAFgMBAgABAAH8AwPMjYIsgAQp6pn3ZtQXAiaGKm\/rmXKTkqMv3ljJ+5MIayAtgt8PaC6+AbFrQYAXJm2rRzFyWGNBrmBWTNsT5nam3wA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAra2gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACBerNIBvIcNw8LE\/PhOJJ1NcP0K+YPLbp6TK\/l72MTiJQAtAAIBAQArAAsKuroDBAMDAwIDAerqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080587994,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080587994,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080569908,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080617186,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080617265,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080617265,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"} 01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080617623,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KfAbtYRRqKFul7QlAYEACyQgAAFgMBAgABAAH8AwM03dkqNEVfsVa2AthcA+pbUsijyUyY2d64e5OAJVmG1SAeuh8Osv1FCBNVAHQS7imShqcMBm8Zp+TsRBclD8tdEQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfbq6AAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAq6ugAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACm6ugABAAAdACDlACMA3\/CIa29aVDTicFGCShqJK7VgcOuJMJ73UOtPegAtAAIBAQArAAsKKioDBAMDAwIDAcrKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080617623,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080617623,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080639024,"pkt":"8BiYFWV8WNVuaKQACABFAAXQfrhAAG0GlK4ocQovwKgBeQG70p4gI5AK0XDgclAQCAN8ogAAFgMDDxACAABaAwNg7VsQq\/CAoDwacZtQhsI4Gak5tQl3Guhn7+5+Dn36YCDBRwAAHWtVq2hn1QPrjqQsaKVRhJJvFksZnJMqyuj60cAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080639030,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080639030,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080666081,"pkt":"8BiYFWV8WNVuaKQACABFAAXQhXRAAG0GjfIocQovwKgBeQG70p8W6XtCWEUcj1AQCAMG0QAAFgMDDxACAABaAwNg7VsQnrej6hQdjxxCIt\/S3WS6bxuZx\/7n5fuTboeL2yDYPgAAtMdAptxolJXPN3G6KdiJmQf+ymwgaiqIU\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\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\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\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="} 
-01901{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080666086,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
+01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080666086,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080732598,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-00980{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} +00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080762577,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080762577,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081935817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081935817,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081935817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1626168081935817,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="} 
@@ -212,22 +212,22 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081936024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168081936024,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1626168081936349,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1626168081946770,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168081946770,"pkt":"8BiYFWV8WNVuaKQACABFAAA0\/kAAADoGG\/6C0yGRwKgBeQG70LhXNR5tnF8BGYAQAQqoaAAAAQEICrTFhQA90gme"} 
-01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}} +01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080762577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993721,"flow_src_last_pkt_time":1626168077017862,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}} +01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}} 01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net"}} 00938{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01274{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": 
{"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} -01274{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft","proto_id":"7.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} 
-01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com"}} +01283{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data 
Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} +01283{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}} 
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080122102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607950,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"time-macos.apple.com"}} -01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Azure","proto_id":"5.276","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com"}} +01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com"}} 
+01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081946770,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077848703,"flow_dst_last_pkt_time":1626168077848617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993609,"flow_src_last_pkt_time":1626168077017501,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -235,21 +235,21 @@ 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":38,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078822590,"flow_dst_last_pkt_time":1626168078826328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1318,"flow_src_tot_l4_payload_len":9829,"flow_dst_tot_l4_payload_len":7799,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077780464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079391889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077704327,"flow_dst_last_pkt_time":1626168077750960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077704386,"flow_dst_last_pkt_time":1626168077753728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
-01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079264240,"flow_dst_last_pkt_time":1626168079311305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079302510,"flow_dst_last_pkt_time":1626168079355098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too 
Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080050576,"flow_dst_last_pkt_time":1626168080098887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
-01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168080051297,"flow_dst_last_pkt_time":1626168080098602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080646797,"flow_dst_last_pkt_time":1626168080694014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too 
Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} -01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080682572,"flow_dst_last_pkt_time":1626168080730590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}} 
+01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077704327,"flow_dst_last_pkt_time":1626168077750960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077704386,"flow_dst_last_pkt_time":1626168077753728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity 
Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079264240,"flow_dst_last_pkt_time":1626168079311305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079302510,"flow_dst_last_pkt_time":1626168079355098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080050576,"flow_dst_last_pkt_time":1626168080098887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity 
Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168080051297,"flow_dst_last_pkt_time":1626168080098602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080646797,"flow_dst_last_pkt_time":1626168080694014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080682572,"flow_dst_last_pkt_time":1626168080730590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity 
Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01009{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.microsoft.com"}} 
+01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local"}} 01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168079674037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa"}} 
01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168076655532,"flow_dst_last_pkt_time":1626168076674265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa"}} 
-00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1626168081946770} +00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1626168081946770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 
@@ -258,9 +258,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7695372 bytes -~~ total memory freed........: 7695372 bytes -~~ total allocations/frees...: 126714/126714 +~~ total memory allocated....: 8632891 bytes +~~ total memory freed........: 8632891 bytes +~~ total allocations/frees...: 145576/145576 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 537 chars ~~ json message max len.......: 2529 chars |