diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2023-11-08 01:27:42 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2023-11-08 01:27:42 +0100 |
| commit | d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 (patch) | |
| tree | 036fa1f3a19cdd9e03b9119cecd0e0386cb9bf86 /test/results/default/tunnelbear.pcap.out | |
| parent | b1e679b0bbc4e2c33db12dde598c35c8bf680490 (diff) | |
Reset `Unidirectional Traffc` risk if packets from both directions processed.1.6rc2
* Fixed risk hash value calculation, which was only done lower 32 bits.
* Reduced default reader threads count to two if cross compiling.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/tunnelbear.pcap.out')
| -rw-r--r-- | test/results/default/tunnelbear.pcap.out | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out index 1293c6a22..8350aefde 100644 --- a/test/results/default/tunnelbear.pcap.out +++ b/test/results/default/tunnelbear.pcap.out @@ -104,9 +104,9 @@ 01417{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764426265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764426590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764426590,"pkt":"ABoRAAACABoRAAABCABFAAAoAGJAABAGTSxKfci8CggAARRst8aiLGbKXdObTFAQ\/\/\/ESAAA"} 00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":27,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734525873766,"flow_dst_last_pkt_time":1655734525874298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":4308,"flow_dst_tot_l4_payload_len":9410,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524597364,"flow_dst_last_pkt_time":1655734524593066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3984,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524541811,"flow_dst_last_pkt_time":1655734524541420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3982,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524597767,"flow_dst_last_pkt_time":1655734524593379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3985,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524597364,"flow_dst_last_pkt_time":1655734524593066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3984,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524541811,"flow_dst_last_pkt_time":1655734524541420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3982,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524597767,"flow_dst_last_pkt_time":1655734524593379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3985,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525633318,"flow_dst_last_pkt_time":1655734525631645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525773780,"flow_dst_last_pkt_time":1655734525773395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01460{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764619627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":203,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":203,"midstream":0,"thread_ts_usec":1655734764619627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","tls": {"version":"TLSv1.3","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} @@ -174,22 +174,22 @@ 01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734777912168,"pkt":"ABoRAAACABoRAAABCABFAAItVQ1AAEAG\/3sKCAABaBFyKIRCAbtalsotpWk11FAY\/\/8d9wAAFgMBAgABAAH8AwMmAdKYGKsqqphSvWqupDgnKUFtDbqLJVhyc5O8GAS+ayBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777912168,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777912678,"pkt":"ABoRAAACABoRAAABCABFAAAoALZAABAGhdhoEXIoCggAAQG7hEKlaTXUWpbMMlAQ\/\/9DjgAA"} -00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764869724,"flow_dst_last_pkt_time":1655734764819484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":529,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":850,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734777353819,"flow_dst_last_pkt_time":1655734777302084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":2129,"flow_dst_tot_l4_payload_len":6457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524990363,"flow_dst_last_pkt_time":1655734524940004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1386,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734756001569,"flow_dst_last_pkt_time":1655734755950969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734778245353,"flow_dst_last_pkt_time":1655734778245065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1479,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764869724,"flow_dst_last_pkt_time":1655734764819484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":529,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":850,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734777353819,"flow_dst_last_pkt_time":1655734777302084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":2129,"flow_dst_tot_l4_payload_len":6457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524990363,"flow_dst_last_pkt_time":1655734524940004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1386,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} +01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734756001569,"flow_dst_last_pkt_time":1655734755950969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734778245353,"flow_dst_last_pkt_time":1655734778245065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1479,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 01049{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734762085906,"flow_dst_last_pkt_time":1655734762035602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":6373,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734755078257,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1551,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734762085906,"flow_dst_last_pkt_time":1655734762035602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":6373,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734755078257,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1551,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524991165,"flow_dst_last_pkt_time":1655734524991083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":6486,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734777910457,"flow_dst_last_pkt_time":1655734777903866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2900,"flow_src_tot_l4_payload_len":4802,"flow_dst_tot_l4_payload_len":6169,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776970401,"flow_dst_last_pkt_time":1655734776962883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776969874,"flow_dst_last_pkt_time":1655734776962409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776901504,"flow_dst_last_pkt_time":1655734776891156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776971287,"flow_dst_last_pkt_time":1655734776963310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1655734778245353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 421/421 |