author | Toni Uhlig <matzeton@googlemail.com> | 2022-01-31 20:38:58 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-31 20:54:02 +0100 |
commit | 1a0d7ddbfaccc20e081a2fcd0a27495c166e1dbe (patch) | |
tree | 05195d13f935abf90f48b06a381c0a847d55fc18 /test/results/tor.pcap.out | |
parent | 7022d0b1c57b4b6233fc2bd89d03328a5f90208e (diff) |
Process additional layer 3 protocols.
* bump libnDPI to c53c82d4823b5a8f856d1375155ac5112b68e8af
* run_tests.sh: improved execution from non-git directories e.g. via `make dist`
* updated JSON schema to be more restrictive
* nDPId: split the generic get_ip_from_sockaddr into IPv4/IPv6 to prevent compiler warnings on some platforms
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/tor.pcap.out')
-rw-r--r-- | test/results/tor.pcap.out | 292 |
1 files changed, 146 insertions, 146 deletions
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index 32359d467..fd521165a 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out 
@@ -1,10 +1,10 @@ 00437{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} 00350{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821660212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","type":38} +00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00350{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821662212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","type":38} +00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00350{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821664212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","type":38} +00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 
@@ -12,7 +12,7 @@ 00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01028{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 
00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821666212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00544{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 
@@ -20,7 +20,7 @@ 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01112{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821668212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 
@@ -28,135 +28,135 @@ 00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01109{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821670213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821672213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821674212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821676212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821678212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821680212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821682212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821684212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821686212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821688212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821690212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821692212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} 00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821694212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00351{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821696212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","type":38} +00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821698212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821700216,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821702213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1383821703288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383821703288,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821704212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821706213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821708213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821710212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821712212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821714212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821716213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821718212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821720213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821722213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821724212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821726212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821728213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821730212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821732212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821734213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821736213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821740212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821742213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821744213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00352{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821746213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","type":38} +00162{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821748212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821750212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821752213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821754213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821756213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821758213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821760213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821762212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383821764213,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821764213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821766213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821768213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821770213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821772213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821774213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821776213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821778213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821780213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821782213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00556{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383821784213,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821784213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383821786213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00559{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
@@ -168,11 +168,11 @@ 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822123915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383822123915,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00589{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822123915,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822124212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822126212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822128212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -186,7 +186,7 @@ 01021{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} 01107{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822130216,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 
@@ -194,67 +194,67 @@ 00814{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01020{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822132212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822134212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822136212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822138212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822140212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822142212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822144212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822146212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822148212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822150212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822152212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1383822153962,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383822153962,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822154212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822156212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822158212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822160212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822162212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822164212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822166212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822168212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822170212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822172212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822174212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822176212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822178212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822180212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822182212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1383822184001,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"ts_msec":1383822184001,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822184212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822186212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822188212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822190212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 
@@ -262,97 +262,97 @@ 00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01027{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822192212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822194212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822196212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822198212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822200212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822202212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822204212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822206212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822208213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822210212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822212212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00558{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":4,"flow_first_seen":1383822123915,"flow_last_seen":1383822214039,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822214212,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822214212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822216212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822218212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822220212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1383822220774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"ts_msec":1383822220774,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822222212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822224212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822226212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822228212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822230212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822232211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822234211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822236212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822238212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822240212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822242212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822244212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822246212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822248212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822250211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822252211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 
00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822254212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822256211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822258212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","datalink":1,"thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822260212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822262211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822264211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","type":38} 
+00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822266211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822268211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822270212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822272211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822274212,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00353{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"ts_msec":1383822276211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
-00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","type":38} +00163{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38} 00558{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packets_processed":6,"flow_first_seen":1383822123915,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":864,"flow_avg_l4_payload_len":144,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"ts_msec":1383822276211,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -368,10 +368,10 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4725388 bytes -~~ total memory freed........: 4725388 bytes -~~ total allocations/frees...: 103282/103282 +~~ total memory allocated....: 4731298 bytes +~~ total memory freed........: 4731298 bytes +~~ total allocations/frees...: 103301/103301 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 146 chars +~~ json string min len.......: 160 chars ~~ json string max len.......: 1117 chars -~~ json string avg len.......: 631 chars +~~ json string avg len.......: 639 chars |