diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2023-05-23 04:38:07 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2023-05-24 19:30:19 +0200 |
| commit | c9514136b7c4246a57b85474d1a8e376a9009d4a (patch) | |
| tree | eb17d83ea16815000a4f723c240e54f21cf0691b /test/results/disable_protocols | |
| parent | a4e5bab9b2826ae50a48da275b6b441624aab50f (diff) | |
bump libnDPI to ...
* upstream changed regression test interface, needed to adapt
* improved libnDPI helper build script
* updated JSON schema
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/disable_protocols')
4 files changed, 162 insertions, 0 deletions
diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out new file mode 100644 index 000000000..3936f82b5 --- /dev/null +++ b/test/results/disable_protocols/dns_long_domainname.pcap.out @@ -0,0 +1,24 @@ +00530{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00593{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} +01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00597{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2/2 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 178 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7676801 bytes +~~ total memory freed........: 7676801 bytes +~~ total allocations/frees...: 142381/142381 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 535 chars +~~ json string max len.......: 1231 chars +~~ json string avg len.......: 874 chars diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out new file mode 100644 index 000000000..e5670495e --- /dev/null +++ b/test/results/disable_protocols/pluralsight.pcap.out @@ -0,0 +1,74 @@ +00522{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00585{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} +00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} +01254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139861,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqW9AAOAGNyw2RbwSwKgBgAG7ppJ9QO7TOZprmoAQAG5jngAAAQEIClIxHsWK+PqXFgMDAEYCAABCAwOA5WC3JqevYzzUx7sAgkcnkWLtUg1Xcif8LAl\/TJHvdQDALwAAGv8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDFCsLABQnABQkAAa\/MIIGuzCCBaOgAwIBAgIIRQTgxdAUfGQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwNTAyMTYwMjA4WhcNMjIwNzAxMjM0MjI4WjA\/MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGjAYBgNVBAMMESoucGx1cmFsc2lnaHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSJg4wZgzdbbQJBQZhpcu6kt1yALpBEwdrVeNm1058LHSvcFCpcQ7k2VflDO787iBTgMlrfWy2xPSA7dEEi3sWmGvwZhI42laHi\/cRXRuYGgAg+p5ED1\/KI4VgH0+\/DEDlJmdBUPV4w70Lzu\/VFvb5N6Kw9OPAje4RaJcjYC6fjHvQDyP8IefKIgkzP\/J68B00drY5eqZcv63b1GwhRozV7ChHkjNJwACK6ZKNc1d65kuAAQlO8yxZbKqqIP8vsHzhwdrLvF2OkMFV9i\/YcFzJmEwdUHpo2qHLQXdNUUdz0lxCntTc5uG8AFLCsuVyzRahyj9I2frvleD\/hGr412owIDAQABo4IDQzCCAz8wDAYDVR0TAQH\/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH\/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS0xOTI1LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG\/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1\/tss\/C0LIDOMC0GA1UdEQQmMCSCESoucGx1cmFsc2lnaHQuY29tgg9wbHVyYWxzaWdodC5jb20wHQYDVR0OBBYEFHGsEKvGACoriNxVjIM6FsyWy5xFMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXHWH6HXAAAEAwBHMEUCIQCdq2ML0Jumv\/iwktHg9EsmJGw6zFWoVcwtyGu\/OquCpwIgJNt1t1fAS5zanYUHVg1aMgxKZxKpYR6jQNCINKhMD8EAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXHWH6eYAAAEAwBHMEUCIQDOz0qVjezJW1dWI7uBCCgp8Vare8XuroiKxVinR889OwIgTBWtS\/mx69sNFk2T86UGhx90X2tLUGINGtaF04Pqrs0AdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMA="} +01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139917,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373356139917,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcqXBAAOAGNys2RbwSwKgBgAG7ppJ9QPR7OZprmoAQAG5r5gAAAQEIClIxHsWK+PqX75SYVdaJ0N0AAAFx1h+p5gAABAMARzBFAiArTqTaTNvTVBxKcE\/cBnjdmdOpwF7wOjcm630XBESqNQIhAP9I\/m28a30n87OXSSWJMlzY0ZubLGqcj8tRe9nxjdH6MA0GCSqGSIb3DQEBCwUAA4IBAQArJTxpGLwd+6RFESgocdVAaUnnWVF05CS6VyiI\/I\/6hlgY98VaPMbYAUs625+z4QW6RINrj\/dBbui4MFxolC+9fx01MHlq8FWGhd6ATKhv9SsO39\/E7GyBeHsdEDqXs5\/rAOwx7YkF9iaJEzlt9DxDaybhln4vlGlbk4WSRU8XJJEXZcvvMBDpLw2v2xC1PTQ+qQYru7XvN8uqc5qpIflenl6uZn8fv8mM9AIofo2gd0QTddupk+TbkOroHXLBf9I4mGcXV7ofNOZhiVDQs179yI7PbSfDz\/HBeL8engijD\/xuPLda37wCjIJ07hx0Z0ehQNPvZtHGLsnh96sdovIjAATUMIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v\/z5lz4\/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK\/6AYZ15V8TPLvQ\/MDxdR\/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR\/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv\/oV9PBO9sPpyIBslQj6Zz91cxG7685C\/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6Enrg="} +01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357861427,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357870317,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="} +01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357870481,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357879338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="} +01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357879453,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887214,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7JAADkG3ZGSSz7QwKgBgAG7px6MpPZpf\/N244AQAQnCdgAAAQEICkLpCKmuLco3FgMDAFICAABOAwO6XIhZjRsIbZDozpr1cCQJ4YRKyEEKscq5XpJVSzbGlADALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\/SIXwWlwMiRImjm2IPCyM7xO9PdPs1F0mep723FE9NdEjZx6bVITNwxRluW8EDNnV2OGfJc4svjsY9F0fTNEehrrkyA78fo0co8gFcYFIfYoFQ8Tx0Ye2nmOI71+eH20DfwIDAQABo4IDeDCCA3QwOQYDVR0RBDIwMIILKi5pbWdpeC5jb22CCyouaW1naXgubmV0gglpbWdpeC5jb22CCWltZ2l4Lm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRU6xzs2st5sPHVa9gktTgoye33VTBWBgNVHSAETzBNMEEGCSsGAQQBoDIBCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwCQYDVR0TBAIwADCBmgYIKwYBBQUHAQEEgY0wgYowPgYIKwYBBQUHMAGGMmh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRsYXNyM2R2dGxzY2EyMDIwMEgGCCsGAQUFBzAChjxodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcnQwHwYDVR0jBBgwFoAUQm1XLU8fJnd0pidk9oD6j0ho\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} +01287{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887220,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357887220,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwy7NAADkG3ZCSSz7QwKgBgAG7px6MpPulf\/N244AQAQkZKgAAAQEICkLpCKmuLco3ahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1UdIwQYMBaAFI\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} +01530{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}}} +02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx75AADkG4YWSSz7QwKgBgAG7pyYtR\/VMmAavmYAQAQkZkgAAAQEICvWEFyKuLcpAFgMDAFICAABOAwMgeDaCaH+ifl7BHuGkMXIEJdYJhJkayUt39GpkFgu93wDALwAAJv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIAFwAAFgMDCzYLAAsyAAsvAAZzMIIGbzCCBVegAwIBAgIQAS9nOSftrM\/NLZrw\/SoL\/DANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UEAxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTA1MTAyMzA5NTdaFw0yMjA2MTEyMzA5NTZaMBYxFDASBgNVBAMMCyouaW1naXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtM2d7k3mMXLoGZ8dsCzKEv\/iAG7db5OS9zWBDVE3gTu2BP7KvkzsRhp3tj40M5uHOpBk78Onyv05WUN8dlLDCKppJ1MyuTtZ7Js+LE1GTMKOIrO13a9rwuvdYmoe2V4ccVVbXeX34ZVJPDHkMOWMH99sBaFNROtf64LhLu1ng8NBkUjhNzWSfQdrg2G\/BGXVWv5UQf9\/TXXwzGZV+7k\/SIXwWlwMiRImjm2IPCyM7xO9PdPs1F0mep723FE9NdEjZx6bVITNwxRluW8EDNnV2OGfJc4svjsY9F0fTNEehrrkyA78fo0co8gFcYFIfYoFQ8Tx0Ye2nmOI71+eH20DfwIDAQABo4IDeDCCA3QwOQYDVR0RBDIwMIILKi5pbWdpeC5jb22CCyouaW1naXgubmV0gglpbWdpeC5jb22CCWltZ2l4Lm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRU6xzs2st5sPHVa9gktTgoye33VTBWBgNVHSAETzBNMEEGCSsGAQQBoDIBCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwCQYDVR0TBAIwADCBmgYIKwYBBQUHAQEEgY0wgYowPgYIKwYBBQUHMAGGMmh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2NhL2dzYXRsYXNyM2R2dGxzY2EyMDIwMEgGCCsGAQUFBzAChjxodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcnQwHwYDVR0jBBgwFoAUQm1XLU8fJnd0pidk9oD6j0ho\/nwwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABeViLVtAAAAQDAEYwRAIgFJUbp8zRVM2ymHpaBv7zGx+3V0vX1oW8W6pafQNwJIECIF82EX0oLSxMljZcWPIehFSBOYBdc5vOapX2e2OMeIbUAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAF5WItWyAAABAMASDBGAiEA76uJqqwZa4Jhk2SQ2jcwQBZYH7n+uyGeoOr2oOiiF0MCIQDtiVL1M\/n0TGXMpgng7tQ="} +01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_usec":1648373357901597,"pkt":"PKn0qB\/spJGxgjQ5CABFAAVwx79AADkG4YSSSz7QwKgBgAG7pyYtR\/qImAavmYAQAQlntQAAAQEICvWEFyKuLcpAahV8ZpdERTsq5aiKCdel9zgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXlYi1c\/AAAEAwBHMEUCIQD88phuR9bgOJ50FssFiYaBo4yrHB5J95ouhbRLpptKlQIgcaHKzP6l2VLeTLrHXQKoXz9kqKD4AiCQzgcvVBxkOhYwDQYJKoZIhvcNAQELBQADggEBACRyUMLxw3XkYr0iGFf7LSN1EpWsOR0qXYUJeSD+gEbwZ6e\/2WbwIcpz7MW0qa2Kp7tFkw9Uh7Cp+zdjYfMQKhzpCp2+Ws0mTcAssCHYkeGkfwBHRVpFnbCnZ7cqA6x5\/ERoiJ6e9ShnTl8gREqPjEe\/kqgGIH6VxnEajqxXNAXu847jy+zUobNrPprEr8sJU1Wn1tZELcR+VzsTicoSUiddXVVqYB7uusn9fYRaNBwA3PFergkTUdpoJjRwrj5fri9mQErJKsKdU+gfusdKByvu6KA3arN\/Gv3F\/C3AwZv02+50jWZTEjyDjcvNw364BTNfQ8iLfDIFMzK\/BFImhL0ABLYwggSyMIIDmqADAgECAhB4AxggzwI286aFGLrvt\/cBMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTIwMDcyODAwMDAwMFoXDTI5MDMxODAwMDAwMFowVTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKzApBgNVBAMTIkdsb2JhbFNpZ24gQXRsYXMgUjMgRFYgVExTIENBIDIwMjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJp0\/QYg1WB2tVDaYfybSL6DdaL9KMIEKnP0tn3z15ZGtqDjONRzmzZYn09a\/Vc5sXRuEu02evPRsKhrC1C6fp02XmYdgHV9sUiJIhT74j1X1sYezj1puaAA9YtIXhR+kqgmEn9t2P0Nff8s8Jn7vT+xFdcb+qwtgjTlYZYS2qdWfjBcQv6FagKfzJCOxvBTAAKrQyMiBHKlpuZPc5E4sYTr\/Z8e5Dk\/QgeMtSmi+QXMiJN2hffcsYUa2zcdzv4NohbwyxTVu3ZQmuSeUuEZmXf0A+GdqWZ\/kCoXCxw6UKSrTmma9hHJy+LlWii\/4FJzmpgTYtxLiqTf0QLnpCf+8FAgMBAAGjggGFMIIBgTAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEJtVy1PHyZ3dKYnZPaA+o9IaP58MB8GA1UdIwQYMBaAFI\/wS3+oLkUkrk1Q+mOai97i3Ru8MHsGCCsGAQUFBwEBBG8wbTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL3Jvb3RyMzA7BggrBgEFBQcwAoYvaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvcm9vdC1yMy5jcnQwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LXIzLmNybDBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3M="} +01529{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358908144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="} +01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358988767,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRJAAOUGNN0Sy8k4wKgBgAG7pnpgCgHKF43OUIAQAG7AjQAAAQEICpVe25C7LqGoFgMDAEYCAABCAwONSvORfRK+oCxj36Hg6J2Hj1QoaCg2HEgsIONHMtI7MQDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDD1QLAA9QAA9NAAbPMIIGyzCCBbOgAwIBAgIQB\/B75x6f37TLIkIFT5mkADANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTAeFw0yMTEwMDEwMDAwMDBaFw0yMjEwMDEyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHDAaBgNVBAMTE3N0dC5wbHVyYWxzaWdodC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDr0xSOZf6cCydxEcuFpMVtE13xSxgvN+BhmKgaQAFAzHuwpqwKyaYNmuuLH\/VY4kWvt8oOW3wCuzOM+EMY1K7qcL+jle28Q47YlvtlMucVxaWwRNmKApjrDY2t5SUUQdf2joKa3AMbeENJerDPlu+0VGDcQTqWT9piC0Gkf4X3KOy\/pQfvHRbuzGVd27UtimfLJFXU0JlWM+hCFgHHXQ0OsRQGtSRQn7NHHZvcjzGEcKei5SlMP5F+AbeUb0TDvIhz8x1hWofd9DhmJevyeADezC\/ufKEHGqCAV5PP3Z1d2enMQP1jzKpQXhefR9QTTv1Xw+xqOoPmo8RYBDpRcC6HAgMBAAGjggN4MIIDdDAfBgNVHSMEGDAWgBS3a6LqqKqEjHnqtNoPmLLFlXa59DAdBgNVHQ4EFgQUBvB7mWhufk4oLyHNuYTGk+hRL+IwHgYDVR0RBBcwFYITc3R0LnBsdXJhbHNpZ2h0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGPBgNVHR8EgYcwgYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU1JTQVNIQTI1NjIwMjBDQTEtNC5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMH8GCCsGAQUFBwEBBHMwcTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAChj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1UdEwEB\/wQCMAAwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfD5FpRQAAAQDAEgwRgIhANbj9wEZj1VoGi2UMZnu3XdkngNqGzgH0H+SQhnbt3jmAiEAqwd+SxYB3DbbxtBV\/7joXhChyIF2XFd33lGbzb6QjcEAdwBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXw+RaUVAAAEAwBIMEYCIQDAIrZL2u\/2JggDkhT0JCtofKLodQnV8LO7lcpEm5pVngIhAM0ARgZECXgacp8gNEXiUuDbe\/K5+5FF6yOd5k8zoidrAHYA36Veq2iCTx8="} +01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373358992536,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcvRNAAOUGNNwSy8k4wKgBgAG7pnpgCgdyF43OUIAQAG4ZwQAAAQEICpVe25C7LqGobK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfD5FpVkAAAQDAEcwRQIgD\/C+dWI8FNoRd7swKXa4Z3HVOZE6Xo7KLlhYwlDQxUUCIQCORa5g5oY\/p0EanlV0l9hVbXFwuN3kDs7vi8zHYx0FHzANBgkqhkiG9w0BAQsFAAOCAQEAi6q+Yac3NG5zNVZmjOqlgVySNn4urWYHVdnWUcpSV1FJEbUvEiDf6tt46etJ35ZdH6y8l394Q7SRjdYbsn4fD\/+G1nXxjmE4R1M4s9O9PIX353I\/EynAH\/JMAEHRHDLvAMSqCPTBDGQoI\/MgZeEqkZ45e6CE1was5eBG\/IVEv5AISEuq9PMyxIRwHqPEyekxORc5LUg\/jZoUKL9sOGiDWpuM4l2CFZJFEqYf9Qquu5ANUnEjWiMeqiIu55kD1AtVpL5t6znkbU19ECEyuL9lJ\/R1BjOCUDSFpmWLJRHg1pEVTh3mx2+HxqVgJwUWZ8rKriBkPEnLAZJWN54WtrOPrQAEwjCCBL4wggOmoAMCAQICEAbY2QTVWENG9oovp1QifsQwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMjEwNDE0MDAwMDAwWhcNMzEwNDEzMjM1OTU5WjBPMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBEaWdpQ2VydCBUTFMgUlNBIFNIQTI1NiAyMDIwIENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFLs2VHcLzdT1jb7Jztw2blHzETVK1KZkYfLArsZAflLtzcuQog7d\/jxNCemql6HYKI5RFW2x6fWMJR5yw0DS7SkuFWy\/F5X7O7h8olA3uaUkFmEGBPVxNJ8Og3Z4Pf59NLZ0wiUabfDpkQ7VdRdCbifcfKYi4TG38jiCVTb8E0WACLhP\/4vqdYSSJ7lq2iiJsVvKB83+lRqNWw7TfiNrSCS2K1SZrsx2fW4z7149YSXkTxv3FCfViEA4CxgQH6+coyu7SOJ4cnxSt01KjWl97DZPnKzlOiVrx4F45JAymu+0lPpBW5zvJcGVdta3mnK6InIBO10D1A0yEwB5PqmfUCAwEAAaOCAYIwggF+MBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLdrouqoqoSMeeq02g+YssWVdrn0MB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcnQwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MAsGCWCGSAGG\/WwCATAHBgVngQwBATAIBgZngQwBAgEwCAYGZ4EMAQICMAgGBmeBDAECAzANBgkqhkiG9w0BAQsFAAOCAQEAgDLOXgvdbloNCq\/h1oTLwI76hXDt2l2zDPcrdUD+hQr68zF4t3BLGolYuoC982sd6X7PC7pYnFnUkNP9bP3QmG23cYJbz20LWgnQe97EQ9gqpN6eQSZfu4+Zy92u4ahvn4c="} +01572{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"} +01238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359600685,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359621466,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXcUA5AADkGH1NoE6J\/wKgBgAG7vzSUVFy13W9PjFAQAEN7JQAAFgMDAHoCAAB2AwP2A+As2n18m0TB8jYY2sY624Si9JzWk3n9xO7CVTKi4CA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHhMBAAAuADMAJAAdACAiOXjhETkQ4gsvJVg73916HOcBZsIAzfHY15rQ215hVQArAAIDBBQDAwABARcDAwfOcAF\/5E51Sf0bJ0BGworKSnQ8uQGhQ+8YRQ8HA7lFgceS0e147fyx2dg\/er0k9EfR4+8g7kA8C5yG0MP0ctVxAi31I1vbQcrFcTG5BRrW+J3BvZAupknRPpB2G0qIOGo3utPvQDdWA3bcXxkc4J9derN0WXMPIDrpeWBwY1IQGQFxfYiER5N1\/u\/Bs9hoxhUa7MKPB1DbN17Dw2+76X9BXfJYTGG2+oe3VURo9b\/CHvqAA7L0EvD4zjBOXSVAEsr4NA1JQ\/tIIVIUtX31vA+LsJzPj5N9gJADJMdt2FyOjyuDHB1F6xleVBsn2uzOA+DCR+u4sHyIKINsJaS\/Wk8Lyo0lA8DzJUTq9LW9zJG4XkGnPJ+lYmXGXbXvzOKn6Q5dO9hAHxG6iBQfQWa5dWCJ6SE7RrXJ+46aA5tjNsE4jdkFrcnChExyvsra\/bDhM7678iRq5nFqST5Au0r5M5ykliVYcCYa45fmWTJjouzh3OzCOLe\/8ddMbsw2A444sU5tduvnkgHpzIRFQwQdYCX6juY5GnGVZ66RFAiruFOq0XQWeRelvFObDZtsNyWqJUkJWSva+PqlQiRvaw976+dwVabEQ8MTycAR\/piLInqJxloBeVfLFvmEV51MdWe+s4tPmHRdwgrA2xUyGbVYNuDTpS6I+4tCd5UP5ktCw3WNNaS8jr6RHVVCawxM4haHVgPtrAO2l5HVKNZtiyL8KpJbQyXWChKWjNEvuvB4uNQbzaRs+lnSHeQNgHfGDVd9dRAwIMZ5tgVIHYwjuSYwIISaLjXDYSasOOVyIsSdR07+XHsofhuZ8VluEqfjaJitPdZ2vMbflj\/qyYnDZyKkv+tXyYThWOL\/Dq4H4QNyHD\/Ap1H0iRDfCgpwuxwWNfDfVn7S0ccy5LvwvLo++Fena1EE2Q1NobG4k3ch19wjk4BMgoYH0frT22KM4kfw+7+Wy+Ppjd5FHjezdnUHv2AHx9zTmN+Nwr+bFFsrbJwnRIlsRV05xxKtaAa4XHXawh3apLnxaUPXW3BLN7lF0CiwUUS6uzy6eyUIf37mQz1u\/zTbAXpjma696kPL2EiRqNLldlWSxDoXSEn\/DFMiGrYpAnexhYlRPUju7yKIRjDYW6sJNfpMyiCyzezIV8ROrKCYUeLsv+ENJ1j0+oBrom1tVBzoSsz6ApwgtYUTNomsCBx+77hYwkdTRswoBo9l+oZy2SgYDMTiUH1TALmuyj56miHHvAfIevP22nFB3piotWvfiOGeTw59T\/qShe9eHBSCK5s2TMkbYcH72BTOXawzSc2pSb0uN0orUwaruxzKBkOJnfLmzdUfNF8jA2TTKfaSxRVehOneQ081r6HjVlARpUaEU2SN8UahiKh8aL8aGIq9inh7cYvLqG2lI767yOrFCLo2umRGqSXA+\/J1utRkHtkqvIW43IiNicTMkQCrkCF37IUkoNFE4rIhv8uaxDJ4Aoaf2tkKsVtDkwAduS81ULSAiec\/tvz\/2uuGWgQo2fxcPHiNp+xEv0VcSqGV\/0jOGUSohk7ar5z7aULgUE\/K6F4Xls5KOhHVPZuY57NwwYmvY19AhBICcLc\/kr+XXMg2xtl9mvGC+MjoIpZbVLL2D2xpgPWQX4DfF5NtProg8W5JEi+MBDKl+\/O2N8hMZrQHnnlSi2VACm4mdXeCwRdwyDXz8VHhslqVyL6VAcDHcAoa5qazxz8ZuprG1OKZQ9Q8pyVkrO4J5dZeNCvGvI6O9rFvHIE48bjRJtkfkew="} +01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359646502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359646502,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359662167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"} +01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359662306,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} +01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1648373359681609,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXciMBAADkGtzFoEdHwwKgBgAG7ruI30m4WyDHTqVAQAEMEpAAAFgMDAHoCAAB2AwPh3f4G6bvkpAQiBlVF27q7BUriTXi+L8W0hRbgEpZaoiDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRhMBAAAuADMAJAAdACA1SyvSQZLLx5CIHv4HSvtmmCUXoZblQcltm9P7V5WpIAArAAIDBBQDAwABARcDAwwzmT+Htjc5hkKanw\/IShWHFSoHCihsxypO2X+bsSjpwMmM9sH5YD79mqbLGND5TLQzhnwEx6cw5hrszrANTqt\/hHmfTxGJHTmIg9d+PzYlznjyJf8kSYA45HzBeXkEMc6uPO4NwiMvO2n78Gu30CV+TWYgfT0b15WA5H9vY9Xu\/V8RFdxMbaKGFia36IyaX5O\/8ke0pBwdrJXOVuqOQhF8CeV8Fh6w3PUEfuYXD4+Ho33B12ArNvK3hYu7A\/s3k2BRfDaPzqCtp086iJx0y39Ho2dJBXgxQFyVWnmnsd20f5YDk4M\/xkmxuKOOOArMJPwKYBoPrXvq3\/JRU2QhZBOxUwgBpJglNvZBrqKKvpCkGjiHYTVStQx9RudFVvC3myuChgy\/1G0vy80sg6Ky+Y\/\/3kNqAM\/tANNu5mQx3WbYrvvfTmDGCU9AYGcppPTP09XJnodaV8\/CkiqTbPMuyCkYqvCI5WwnyGC8WZYpKt+2TazshOiXqO9SL1RHv6Dn8te02a+10maxCvSlAqJBWR1+x+r+ThqQTllwTjIE9ldAyhj8ENZbbjj+ocUdjDQ\/suSJ9GPBe7o5y5U0tgXCBLgkqjGoTeMbYy6LVJn1ShYjby7XjWr1QSKmsm3D5VZ91QCbp8LXn28LvZldZyecaHfl8wO7ipN+ECY2WQUeLyHyxoJRrxRDNi43\/BsYJnohonEepMLiaGMHeGTkbT+FozcpsymnssgPxEzVyGVodKDyDiMtOS2\/4gVH00s+CjiEOvU\/WA2WYO+W0GaBoObQCC8C+wgP8X+9\/Lly4MJ8uYHzwJZULnomHy4Zhu3eO8OaaOD8adiKrmX6nf6RRAu9XTBSP6Pea+PT8ApgiP6cHHICUjEIoh1EKF0UWXUO9dydWy8GNBhCnF52mzdJWkKFMi4\/fZktIi123bVOx\/8O85m8SxP9YAHKNNRoCN75\/KXIi7BsS\/yRQl3sqhWASSR7qZOvy+t0usBhHJ97tgy43o+oXVboG5ECaj0mauoYvu75AmhrEMI5qxh+LSqg+vNZHX32i43L5wOTf5bLMarYHZ2zd3Pg+FItI\/oos+WGxlPPYSigPsvRd0ylS\/YCDOt9L5JYmtpF33miRvOv++1Yk\/XWR5vMXeGReVxoq8ugQklfwnbSUSgD6wAX+kbj8AKGs5ZYuXyk7kqFG\/vMOTQPPCPk\/rCLij28VaGG3XQju7sjATGtsw5czsHJGiGwlP5tELr5hlojoMQrDMZr03CYMBu\/6EmnFBWmF1oJZfg4bGfWGEPfI7OoSqGHyoSay0AIlQVjj+d9f0FDqQ97cabxH0umDoaC\/FKH6X\/yc\/hrjIl4HmRt7VMpQyz2KdTzE8B4vzoujGXvtombEVZZCjytpnXTvHrVZua0Nx6vnYWN6U8hOPTiQzVv6YW6MflR92hbAH3p76MQVsREGfgb9bUAvIi+LGIt8MS39s03IWH5ITKktk1M0EDFu9rxI3fMzRA2+G+N4DZBBqlW0y+82xrp9wlYKMPmZCijkiUoYkreaDPjpGYTvkJAsDo1MY+vTQW3dm5sfsFKLG7cIjM6A3z4yo\/7FFTyhkQz7qkQuhIb45msYMVl46RKf8E4zW5YOVa5yF4IQYePRSUh+e\/LuyeYbl7fd6XURSxrpcv5Ie0Xz51vOk3KidEbdAfwA3A5yNwHZ+P2B22mjmaE\/kNxdDWA\/RSgensrsfzyAwjZrMsqHPSI5rKW2m9kOpusiMUcPgzvTzqRcYx8vb4upSN5jLk="} +01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00596{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 44/44 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 26716 bytes +~~ total detected protocols..: 6 +~~ total active/idle flows...: 6/6 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7745421 bytes +~~ total memory freed........: 7745421 bytes +~~ total allocations/frees...: 142533/142533 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 527 chars +~~ json string max len.......: 2533 chars +~~ json string avg len.......: 1529 chars diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out new file mode 100644 index 000000000..de05058f9 --- /dev/null +++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out @@ -0,0 +1,25 @@ +00526{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} +01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} +02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} +02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} +02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} +02280{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} +01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00590{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 20/20 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 9519 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7687410 bytes +~~ total memory freed........: 7687410 bytes +~~ total allocations/frees...: 142419/142419 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 531 chars +~~ json string max len.......: 2285 chars +~~ json string avg len.......: 1403 chars diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out new file mode 100644 index 000000000..0988a7589 --- /dev/null +++ b/test/results/disable_protocols/soap.pcap.out @@ -0,0 +1,39 @@ +00515{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} +02471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731323902000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtJAAH8GH57AqAJkFwLVpcO0AFABqsQz6c\/N2FAYAQQJEwAAOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBWAEkARAAmAGEAbQBwADsAMAAwADAAMQAwADAANQA3AF8AUABJAEQAJgBhAG0AcAA7ADAAMAAyADMAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAFYASQBEACYAYQBtAHAAOwAwADAAMAAxADAAMAA1ADcAXwBQAEkARAAmAGEAbQBwADsAMAAwADIAMwA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGIALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4APABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADAAMQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADAAMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADEAMABjAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwAaAB3AGkAZAA+AEQATwBJAEQAOgBCAFQASABFAE4AVQBNAFwAewAwADAAMAAwADEAMQAwAGUALQAwADAAMAAwAC0AMQAwADAAMAAtADgAMAAwADAALQAwADAAOAAwADUAZgA5AGIAMwA0AGYAYgB9AF8ATABPAEMAQQBMAE0ARgBHACYAYQBtAHAAOwAwADAAMAAyADwALwBoAHcAaQBkAD4APABoAHcAaQBkAD4ARABPAEkARAA6AEIAVABIAEUATgBVAE0AXAB7ADAAMAAwADAAMQAxADEAZQAtADAAMAAwADAALQAxADAAMAAwAC0AOAAwADAAMAAtADAAMAA4ADAANQBmADkAYgAzADQAZgBiAH0AXwBMAE8AQwBBAEwATQBGAEcAJgBhAG0AcAA7ADAAMAAwADIAPAAvAGgAdwBpAGQAPgA8AGgAdwBpAGQAPgBEAE8ASQBEADoAQgBUAEgARQBOAFUATQBcAHsAMAAwADAAMAAxADgAMAAxAC0AMAAwADAAMAAtADEAMAAwADAALQA4ADAAMAAwAC0AMAAwADgAMAA1AGYAOQBiADMANABmAGIAfQBfAEwATwBDAEEATABNAEYARwAmAGEAbQBwADsAMAAwADAAMgA8AC8AaAB3AGkAZAA+ADwALwBoAHcAaQBkAHMAPgA8AC8AZwBkAG0AZABoAHcAaQBkAD4APAAvAEgAVwBJAEQAUgBlAHEAdQBlAHMAdABzAD4APAAvAEQAZQB2AGkAYwBlAE0AZQB0AGEAZABhAHQAYQBCAGEAdABjAGgAUgBlAHEAdQBlAHMAdAA+ADwALwBzADoAQgBvAGQAeQA+ADwALwBzADoARQBuAHYAZQBsAG8AcABlAD4A"} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946731323902000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731323927000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0aS1AADwGJeMXAtWlwKgCZABQw7Tpz83YAaq6aYAQAfb+6gAAAQEFCgGqxDMBqsnf"} +02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731323927000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0AFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAwADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABpAHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\/AD4APABzADoARQBuAHYAZQBsAG8AcABlACAAeABtAGwAbgBzADoAcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AeABtAGwAcwBvAGEAcAAuAG8AcgBnAC8AcwBvAGEAcAAvAGUAbgB2AGUAbABvAHAAZQAvACIAPgA8AHMAOgBIAGUAYQBkAGUAcgA+ADwAaAA6AGMAZAAgAHgAbQBsAG4AcwA6AGgAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGkAbgBkAG8AdwBzAG0AZQB0AGEAZABhAHQAYQAvAHMAZQByAHYAaQBjAGUAcwAvADIAMAAwADcALwAwADkALwAxADgALwBkAG0AcwAiAD4APABoADoAYwB2AD4AMQAwAC4AMAAuADEAOQAwADQAMwA8AC8AaAA6AGMAdgA+ADwAaAA6AGMAYwA+AEQARQBVADwALwBoADoAYwBjAD4APAAvAGgAOgBjAGQAPgA8AC8AcwA6AEgAZQBhAGQAZQByAD4APABzADoAQgBvAGQAeQA+ADwARABlAHYAaQBjAGUATQBlAHQAYQBkAGEAdABhAEIAYQB0AGMAaABSAGUAcQB1AGUAcwB0ACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8AdwBpAG4AZABvAHcAcwBtAGUAdABhAGQAYQB0AGEALwBzAGUAcgB2AGkAYwBlAHMALwAyADAAMAA3AC8AMAA5AC8AMQA4AC8AZABtAHMAIgA+ADwATABvAGMATABpAHMAdAA+ADwAbABvAGMAPgBNAHUAbAB0AGkATABvAGMAPAAvAGwAbwBjAD4APABsAG8AYwA+AGQAZQAtAEQARQA8AC8AbABvAGMAPgA8AGwAbwBjAD4AZABlADwALwBsAG8AYwA+ADwALwBMAG8AYwBMAGkAcwB0AD4APABNAEkARABSAGUAcQB1AGUAcwB0AHMAPgA8AGcAZABtAGQAbQBpAGQAPgA8AHIAaQBkAD4ANwA8AC8AcgBpAGQAPgA8AG0AaQBkAD4AQQBGAEYANABCAEQAMgAxAC0ARgBGADIANgAtADUAMQBGADYALQA4ADMANgA1AC0AMQA3ADgAOAA1AEYAMwA4ADYAQwA3AEQAPAAvAG0AaQBkAD4APAAvAGcAZABtAGQAbQBpAGQAPgA8AC8ATQBJAEQAUgBlAHEAdQBlAHMAdABzAD4APABIAFcASQBEAFIAZQBxAHUAZQBzAHQA"} +01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} +00585{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} +02184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuUmVzb2x2ZUtJRCIgbWlub3I9IjM1IiBwYXJhbWhlYWRlcmxlbmd0aD0iMTE0IiBzaWduYXR1cmU9IkxXa1YzenFpNWFtVUUxUlVvTmtRT3cwdVhZNHczc0dXQncyMkdxYnRqZkFyS0VjanVjS2Z6ZUcydkNybjluZUIzNXlzc2xFZytJcUlDZkRHdk9qRkxJcDlBcHB2ZXJZNTBNS09WZHM4L1BGU2dwRG5oNE91UTg3Q3pKRXZUUkJZMldGakpOaS85NmY1ZktmSklqczQ5bElzcFpyZVRGWVNxYWZ4VDRPNCszbnd2MFpQYUtJNzI4akE3RWNUTUxwelZtc0RJaTBJU2srR21nOW85d3V0UXg2NEprdjdGdlFkQU1nYlVnWDhVaU1MTnRHQWVqSHBLTG1rdWo3TSsxSTNib0IraVg3MTAxaytIZGpaVmQrSjhaS0VNSkJnYTBJNjRLdmZPK2tNb1UzRVNSSm5wbWdVVmZVblVZckl4dDFHZFFMckhsa2hhZVZicUdaMzB2V2E4Zz09IiBzaWduZXI9InlNMmYzbGMzSjZSbTR3ODlmRGhlYm5RMXNxY3NBV2N0eFJiM3BDSFloTktUTnZiazlNM1pLRk9xYjIveE5hN3NaR1I4bm10c0U4T2lnaStLR2xrbndSNWx0SW9CODc1Tk8rRitWTCszYVdySlN2Zm5MQ2dCSlRMV1BwKyt1SUlqZUlCanYrTXB1S0xRM2NTMDMwQlRnUEk1dWlrS0l6Q1A0eEZucUFVampoWE9RVTR3WDMrRG1PczdEbm5QczhhZTk2UkNzWmVmZ0xpMzAyL281ZDVMRDJ1SnBEMUlmSnQ1Y1U1Y3V5UW5jYTRhd2M4bGhTcmFQbDlNNEpja29sQWt5cVlCNzg0UitKVVhYTExpKytjbHEzR1l4U2NJNjRyZHRKZWNWVENZRVcvUTJGU2VXV1c2UE9RdlBRNGZ3aFVPZEM0L05MSVJKdU9lTVAyVG9Ed3NNUT09IiBrZXk9ImduR1dLWGJFVzQwbHZHV1FxbkVKZWdtcXJCSXdBRVZtUmQwRzlJaDMzVCsycnBtRTY5WUQybHhNNHpzNy9weDVFOFRaSjdvYnV5ZVNpNTIvazZMeGp2ZWtkNTdVeTR5QSttaEZ5c1o5UGFXdHVobzRac2oyQ0NaenBjcXhRSW5pL1E4UDY4QkJSeWhKd0hVZHNmMjUxS3RLdmwzdWZFN0VpK254Rnk2bUlVZUptckpjT3U5L1dsNndUTkwxRUVrQmJzL0NIT2pQSlFpUi84UlFOdVN4aDRWYVRnNlFKM0VhVUFhYzFkV2REQmx5dmpUYzZHTnczbFUrdUtDQitpR05xeFNwSlIxMHlQS3VRR1h4S1N3ZTVOVGNuQnFmQncwZC9FMVZ6dWdmVEtqUXFDbmt4TjVEUnlWWEJwTkFyVnNjek4xMlZwdkJpdENUa25ObEhWOHMzdz09IiBpbml0dmVjdG9yPSJkWWhYYVRRWmVUaGZsTUc2VGJCdzN3PT0iPg0KPC9aTWVzc2FnZT4NCg=="} +00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":172,"pkt_l4_len":134,"thread_ts_usec":1639054092687121,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAAmsImQAB\/BvfsVZpycbkgwB7a3ABQlbp1kDzHn1RQGAIFKTIAABWnhAex4GkI+Emzf4RIldOZwd02PnXrmBnBHRrx+ET677ALMou1pxMGL4bsefKLEZJCsMhBQeRMREPGyDS\/Ls5rva5OrXg9O7PulAGNv3b+vbLJAQh1CgtCNjRdd437DmknBotv3IGznWL+EIv99mMNCg=="} +02183{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1639054092826306,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092826306,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE86uzQADxBpgGuSDAHlWacnEAUNrcPMefVJW6dgJQGD199lwAADw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04Ij8+DQo8Wk1lc3NhZ2UgdGFyZ2V0PSJaQkJQLjEuRE1TQ29uZmlnIiBtaW5vcj0iMzUiIHBhcmFtaGVhZGVybGVuZ3RoPSIxMDc0IiBzaWduYXR1cmU9IlB5TnFZSHVKRElUd1Y1SDlMdVNvbmhKZ09jNmloU3ZOcXBSN1NPL3JZVVJvckI4WDFLd3I2NUlqaGJmd1duWEVZVWpYQURhRUpTeGd4cUxUcEpubnVVME1RaUNHcC84WWlkQ2lBKzdQMHlEYXg3NStiM2lBazEzeHJFRTN5S043SmpvMmlvR3piTDdyVUtUOHZvek1hTkhhN2x2Qmg3YTZnUlRLU3NtM000cVoyVXVkV29TelQ5bEdTMGZ3NG0zN1BPOGtvaWRqdVJ2Vk5sbkxOT0Y2WjBVS01JN0x6SjhiSWdjRWx1eiswYnZvT3lBclRLOE5HOFhiTXlGek84c0xnUEZCQ3c3dHlEWGNWYVkxRGZIS3hPVFFHOUtZcTNEbG54VGJkaHBFK2paU0xvclMvKzc3aXRhZFNqSm54N0xYKzZoY28xVGxsb3FLUzFiQ2dXdS9Odz09IiBzaWduZXI9InQ1TDVobWdCWXBORjVicjBjOGlnOUtCNG8waE5reGk3NVBpZ0pudlN4MW4vZCsrcFl0cXhMU3FYMGY1YTFVeXc1ZG00bHdoZC9ZcVFPYVFpR0hqdjRBQk5rWXFjZW1pMDZGdWVXN0wzM0xqL0U2c1NaSk5hTGtwREFIVjNUUS9ZdUFkeC9iN095WFQ0TmtNdU02bHUzaVgxNWlJeWF6Y0lKNjhVblFQYjNQWklrVUZLNzc0ZFRWc1IwKzJNcWFaSmNQTVQyWWU1TVJMa3kzOGVsckRSOXV2RDA4THNobEpneURSV2ZNVFppMEpGWk5PRE5mQ3VLcStBY012WDF6YzZzMmhPMDBYcjBGVzZ2WDlrREthSHlCNCtDdVQrWWtPMStxV1dlcCs0alcwVkwyTldWRmpFeUpuZi9JSHVIWW9aT2xMNDQ4aTdvNitnTDgrMWhCbDZNUT09IiBrZXk9IkZWclNPNTRGNXZCYkFZZ0N1T1BJL3Rrb05mOXk0Q2dXQVorVm9ibVBkRSs3ZVVPcU02TzZ1SytFZkpuYU5TVzltZDNTWVBXdFVOVi9UZmpIL0dFcXNBQ2FDb3dsUDRBQjJWeGtZMzhQRC9Gb1FKekg4YlhiYitDa3JVaEdiUkNlYlFLQ2pCV2x2VERDeGFWZXlLTnN4OXI1dFppTE82blp0ODFwZnhETzRIWFcyQTZUaVNtRFh6K29RSkFoOC8zUXZEODk0VTRMZGxBdEpOdmNNMUhtcTliZTlyQXVRcWFjSUZBY08zd1Y2ZTFVdlFDOFhrNDVJVVYyTHpXc0d1MTF4VE9HcXp5SEtQYWNWRnlmdjMrSERyM2pMcFREcUVyQ25JK3k4akd2YVkzb2Z0R2FXZ1RTSjZsVlo5QTUvSlEvTVJGNjkyQ3Q1TjVvWndBV3VBejVaUT09IiBpbml0dmVjdG9yPSI4Y3U4UXdpWXRXbTNDNGUzTzB3Wi93PT0iPg0KPC9aTWVzc2FnZT4NCg=="} +01996{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1132,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1132,"pkt_l4_len":1094,"thread_ts_usec":1639054092826381,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAEWqu1QADxBpiduSDAHlWacnEAUNrcPMekH5W6dgJQGD191s4AAIyNda9b\/4Wk\/q7kvzA0zlo0OCy+ohRx\/gWlD6cuZaKXDpcZnDmdSt\/gCNGopu6AS8JATRDB2sNkdvs0VYqXuo85LWLXgz\/GGa9Jc6MG6JYPBLtZ68AEkD4E7Ixgxj5VoD8X1vcUPgbavdxsBF6ml+drczg2gmaNkDFO7B933+q9zZKg+oG2pMj87ESLGu\/fp4BFA7hj0TH0xUqeBDvAR85kXVH5RLFVcwlzf5SkxaK76gkzu60llYNi5wv4hugteIIw1qnuuG0F2lOzsJeXnOmZr2YLWmTVeZYmw5JFWYaOW88oh3lE8wTOL6kkf6422YOL+vSBdTD+5GVjul+dz5efILQi0gJb9SDXms4KOszaLOz7oz\/eH9i5zXlpDJFf24wMnOC2K8IIqs8dhhBblctV5U7MCi6fbjwTNFDnkkrhAsQLfflwcnijU0wkUYZVsP2Mopqss2DfWxrrzjtvU\/3TnJzhxzjOfuyUKfTBG3L8dD4Gwoav79OfgC9+Idtf1PTDn9ex7v\/Fmyd30pyd1s0bbUnz4vg2h1D5DlfOPo7q5SkbGllQNKS2sypM2gujPrdAAhAO0MRmdruKPyfFmHldo0sI4qDDyoWYToWvYReNG4+MAkhnOTEs6LErtCWDATGKcwqKh6PqbM69SZXd5JlPmgt0LzAoUrLTLasxmrJeZtJFQ8MXa1ME4ZfLLSHL9nOyiq2E0UL\/rQPyurLaNNs0NvV7I0Bfi5FZAvQC2QwQhlY8Y7p2Bqy8Cdxd4LbTsK8IE9vImZYfFmbm\/RO6LBSYlfLawEeVfZKSXPyz7v29dbM2LCt3pR5f\/Jn2HtSd2bsC9XpH67WDfGJ5VKnDZGKU7pj7BvwgMeQEj+8L3eTOjjaReBB4MsrpfGwTE9aSt9aw0m1unF81+cY5x9BcRGq4bCtgkFz8DnHAsF0lI9XP52++JBk5mERUR2eEaHIcSiQzhvYPVXGzmTYBHdq6F\/nfwq0p+OjBjzHWUKpaQwrLVdKIyww95od0Sguqb1MCuKRpSrwOQvXZWV9jQNM03ynZj2wo3dQHbNZyEBxcA0jdj8EeZvvk0eVvzuEF6NayagghINncRhZZDA2muQ+gK3F8BvvNO\/9IlbBxiXKRdXubXKUyOTU2MAwix\/0nAhAyuwnq+Q88d7anWWPi3zwTnVBWrrC7vBJoJ1Z7g0f5E+\/HysBN7mVyq5MveGyL62bIoMLmpI1KNsCgMGwDITFykvlhjWDGYryDj+XT6t7Jvx\/xd9+NXSrdaHyxzR3sl\/V+aathuQMWxApeB5TtLieObBBINO6kN5U2O13qaE+PH1T8uNTDUsPwPEKqgRdQIY7ffwW36TMVsARN5+bm1DJ4iy1DNQ4LE8HbDySzNbnrVS7GRtQIF0zepOpR7thyhsgydrZzJ3XiE0fSTioqLAsNToYNCg=="} +00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092826381,"flow_dst_last_pkt_time":1639054092687121,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1227,"flow_dst_max_l4_payload_len":1227,"flow_src_tot_l4_payload_len":2301,"flow_dst_tot_l4_payload_len":1341,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOAP","proto_id":"253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} +00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00587{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 20/20 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 9746 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 3/3 +~~ total timeout flows.......: 1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7685169 bytes +~~ total memory freed........: 7685169 bytes +~~ total allocations/frees...: 142428/142428 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 520 chars +~~ json string max len.......: 2479 chars +~~ json string avg len.......: 1498 chars |