diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-10-08 11:12:32 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-10-08 11:31:58 +0200 |
| commit | 315f90f9828ddfa2e580f45afb1a3d6804bab923 (patch) | |
| tree | 6433d64724d5988dbc9edca4fe933a35ac05e415 /test/results/tor.pcap.out | |
| parent | fe77c44e3f6e70e4dfa7c7aa4248f9964518d4f3 (diff) | |
Fixed invalid "flow_last_seen" timestamp for the first packet.
* After the first packet was processed, "flow_last_seen" was still 0.
This behaviour is invalid as the first packet may contain l4 payload data e.g. for UDP
and it also breaks nDPId json consistency "flow_first_seen" > 0, but "flow_last_seen" == 0.
* JSON schema: set minimum timestamp value for Epoch timestamps to 24710 for flow_*_seen and
1 for pcap packet ts. Those values are dependant on some manipulated pcap's in libnDPI/tests/pcap.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/tor.pcap.out')
| -rw-r--r-- | test/results/tor.pcap.out | 254 |
1 files changed, 115 insertions, 139 deletions
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index 0413299fd..beccd6f28 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out @@ -5,7 +5,7 @@ 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","type":38} 00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821664,"pkt_ts_usec":212868,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":420161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491486,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} @@ -25,7 +25,7 @@ 01208{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":877534,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA2VAAIAGePvAqAH8W49d8semAbvp\/83E+FnCPlAYAQCWHAAAFwMBACBIdsG\/zOXG\/XztpJ8eFepnZhEXQSSgOOQTcWqQ9+Lx5RcDAQIg68Keur3cYqAVMp4H9MAwBHczaDXxrJyCRIcH8VQ2ys9UgruN16hGu3fmB9dMFBX17YHcxjnf9bkvZ5A+RhhNicA7w+vJ2Ns0QrTXkW5SgRWCVRvJhjWw4mb7fMmSgCsMsTul8R6MZbcOMTGg\/YTBVFikQb3GWC+0IB29jRW6YQDkfmINVrldJvRH6sL3\/dejMT3SKkZPcB5Fo2gOldl60pRT9KT95zyd4\/hxFlF6pB1Ax2uRSXOpfgJNaIpWWlP6OPbAVyZJEYFvHsIF7bPRcB9CJlCy2iBlJba+1e89qHcfFu5tLGbxl+3UyI\/Jh2oyc3e9rZvi1L99EMzYdTkkXss9d\/X3UJIgG85A\/wJNaJO4FLEfbddJ\/eyzitzquPQVt9k1\/V6UUJkVdZ20Qp0mpLiBJV+cbq\/Itkeh6TKJS2ha8XVBado8qntl6NIf1ASx7L+2T9gJ07KqYOQqLmNvrpdhUaZV3r0bF0KfhsxqcFz15doyFlP\/lX+Bc01wQhZyOA\/\/krtSsiVkCfRoVfZBIPR2IMa5ntyOfRRaqtvGZ9MdJMQo0FzAt27vxx2nAJSuXxhiBPP7ScJYdTbWORIFEE2KU9GVIf\/oDl1Xu0uk3H0je2K74L5Xv5S0Uwz54Me47i8w5SjiqyXqQtqCc3xM79wE8eqcS14Q+HIe2vFtw1jum5z5\/XGlcFyJBHkjgA8o8YEO9V+Tn8TP0u0HUp5fMg=="} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":212873,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","type":38} -00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":407384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":480751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 00411{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":481792,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} @@ -45,7 +45,7 @@ 01203{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":838948,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA3BAAIAG0BfAqAH8Ljs0H8enAbvpjJoRMTT\/v1AYAQCjBwAAFwMBACCuEhGVA4NvraHqWBXF0VGKi7yya+9S+1okg4GocBkj\/BcDAQIgqsSvH4svwNynX5ByKfenV2pkK\/zH5qdmrle51GUZdAWp5VTZzjCx\/s3z2YQPJOaJ8hzBRzNfwMHhVLGiZ7rvf8BQlBrfRXfo1Snj5ShDklJKVYJgPv2imkOqDOab6FYtIehUfgy8e7\/Zk1BnQWZBDR65DFznkpxbkLGufZ3ovawC+z9M4mggiRY94e6nM\/jPQLpCTGp\/RkFgwoH9gKmn39AxE+unqF+GFeMXpjFIRmGGU\/+LplD76IzG1gwlZfxa\/6Jxfuy79GRU4FdzUKbzAj11MMv17UuUi4h56ghDeKXYYdM4tC\/LXZ\/5NMyY6nutaKaN2EQUUnYef5MMUaupYOXf1D6kW59zAm5jQYAQSxX+1R54hIg3w0gGqTatO1RcWJIzFrzo0AoVma9K4X3hjZ0WkF9LuCsrVueZ3XSqYRKiAMp5ktEluSU6NzCWY1UVUp+HZJEzDSzrfACABWhRZMuy6rhAvLFaTc7VPRtHQOpZQybaBeHzl50phweF0i3PNlz0NPDXS6WPUwBXGNDr1SzWWaJbRY2Y4GSwU5sBZM3Po9LrosDeNJexY70v7YJeR9hc2lHfRlsUqMsQfVkEOB27ZG5GYJXOEwOc07o0Udlctf3xwBBTlYOwkN1sJz6Mv2PRCxvz5YJLj1BlbRaZ5UYiMKkvLub0aqJX\/mhIykWQUm04S5iR7nVREMC7l7Ehiq2XcjHQmTfj6eJSX+Mh5w=="} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":212884,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":403824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":547648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":548030,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} @@ -67,9 +67,9 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821672,"pkt_ts_usec":213282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","type":38} -00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00591{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821673,"pkt_ts_usec":254958,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821674,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821676,"pkt_ts_usec":212885,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -78,7 +78,6 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821680,"pkt_ts_usec":212883,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","type":38} -00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821682,"pkt_ts_usec":212886,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821684,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -91,9 +90,9 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821692,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","type":38} -00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00679{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821693,"pkt_ts_usec":159821,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} -00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821694,"pkt_ts_usec":212894,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821696,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -104,10 +103,7 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821702,"pkt_ts_usec":213488,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","type":38} -00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00592{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821703,"pkt_ts_usec":288336,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00592{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821703,"pkt_ts_usec":288336,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821704,"pkt_ts_usec":212955,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821706,"pkt_ts_usec":213267,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -118,7 +114,6 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821712,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","type":38} -00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821714,"pkt_ts_usec":212940,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821716,"pkt_ts_usec":213464,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -139,14 +134,11 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821732,"pkt_ts_usec":212991,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","type":38} -00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00592{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821733,"pkt_ts_usec":324487,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":662,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00592{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821733,"pkt_ts_usec":324487,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":213076,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","type":38} -00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":359648,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} +00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00413{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":359648,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821736,"pkt_ts_usec":213187,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821738,"pkt_ts_usec":213238,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -155,8 +147,6 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821742,"pkt_ts_usec":213016,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","type":38} -00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821744,"pkt_ts_usec":213025,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821746,"pkt_ts_usec":213762,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -177,12 +167,9 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821762,"pkt_ts_usec":212987,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","type":38} -00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00593{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821763,"pkt_ts_usec":366999,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00593{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821763,"pkt_ts_usec":366999,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821764,"pkt_ts_usec":213182,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1390,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821766,"pkt_ts_usec":213046,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821768,"pkt_ts_usec":213010,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -206,76 +193,79 @@ 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821786,"pkt_ts_usec":213089,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","type":38} 00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1383821673254,"flow_last_seen":1383821763366,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00594{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822123,"pkt_ts_usec":915516,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00593{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822123,"pkt_ts_usec":915516,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} +00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":1383822123915,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822124,"pkt_ts_usec":212807,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822126,"pkt_ts_usec":212337,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822128,"pkt_ts_usec":212399,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","type":38} -00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":889928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} -00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":897135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"} -00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":949318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"} -00414{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":951535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} -00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":961527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} -00414{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":962943,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} -00693{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":965354,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"UlQA2EYhUlQAWul3CABFAAD5CJtAAIAGvnHAqAH81FOb+sfmAbsbVwNnrWI9fVAYAQBc+gAAFgMBAMwBAADIAwFSe4E3FMYInxr2a\/LGdBo7iY6X3woxpwwwB2E4X+3g5wAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFcAAAATABEAAA53d3cudDNpM3J1LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00697{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":972457,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"UlQA2EYhUlQAWul3CABFAAD9CJxAAIAGdTnAqAH8W49d8sfnAbtnuw7Nw96cNlAYAQCN\/AAAFgMBANABAADMAwFSe4E3htlD0jNwndR+1ou7jED0jjAcq7bR5WAiBXnUvwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFsAAAAXABUAABJ3d3cuZ2Z1N2hieHBmcC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00406{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":21438,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooqlAADEGdDTUU5v6wKgB\/AG7x+atYj19G1cEOFAQAHuoVgAA"} -01412{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":23500,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"UlQAWul3UlQA2EYhCABFAAMPoqpAADEGcUzUU5v6wKgB\/AG7x+atYj19G1cEOFAYAHuyMAAAFgMBADkCAAA1AwFSe3L53X2pEnJ+sMNK7yLUj\/W6pO2+NRex4VwJn0DBEwDAEwAADf8BAAEAAAsABAMAAQIWAwEBywsAAccAAcQAAcEwggG9MIIBJqADAgECAgggWXsb82yVFTANBgkqhkiG9w0BAQUFADAhMR8wHQYDVQQDExZ3d3cud29oZ3BhczQ1ajZ1Y3cuY29tMB4XDTEzMDkxMTAwMDAwMFoXDTEzMTEyNDIzNTk1OVowITEfMB0GA1UEAxMWd3d3LjdkNDNhaDJraWtyYWJqLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyklKQGQkcctz93HgInj2t1gLlEeTreYlTjt5cVuEnkRhvnpxBBhUZcDOSffaAx9+S0RFFDudqL8\/TeDZIwrCCOxcwFVb+zUytTfEc8ly5MA1G7S5d2I\/x5yvg04rZJRI9\/q5ks8spXJHHzSyzwoRTx50l96ITtI3yPQNeVSHVUcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC38KFCTBghhDrxpOEFUDAKZE4bCRug43WMb6jvNo\/BPXQ48wsYWM\/S+47KwCPqXVUNCDyMF+wvJ2aRBnR37D+\/ayO\/p7RlBCVwDONA9IZk20eslgIepjkM58HbyrjYv5PJpyqgB0BsDzJJ400K0\/0xL29Q2pOCbmf5\/QOa\/soHuhYDAQDLDAAAxwMAF0EEqppowQXXYJtKnNsDr3CjDoKRPdSy8GzPWFf2pW59bta1CDBd2K0DAFHTa+02CMVDmRNatXtDgujISj+n9Smk7QCAb3zAMJEE0ZhtRVfh24BgLQXvLqOzphBWw67izOerVVz4biNemHUEOkNwxD+9oynPQgMUOQR3MDvw5YUW7GSS7yczMzYXquDqWDrOY8Ns7gaPrsQ1YbSUTuO7mrfNLqHYD1sSjpyqfIn2S3zLLZ7+opf6vOO4LybO3Wf9JdFNFCsWAwEABA4AAAA="} -00964{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} -00591{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":28263,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ1AAIAGvrrAqAH81FOb+sfmAbsbVwQ4rWJAZFAYAP37zgAAFgMBAEYQAABCQQQirs+7bZ92YZQcxZd+2DqfqldWcJ\/uP\/ceE0gwSB7sufju+Ou\/tmWkLRzvFyBtO+ky9kbj5Lk5KBHB2Iw8kEPgFAMBAAEBFgMBADD1vChkZBoQ7JL0US4P8m+ntzIHU6Wo0YrvCmKRLKn0gkpxAE5NLpPezGJYavoceMs="} -00406{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":43639,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVpRAAC4GehZbj13ywKgB\/AG7x+fD3pw2Z7sPolAQAHuSHgAA"} -01420{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":47877,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUVpVAAC4Gdylbj13ywKgB\/AG7x+fD3pw2Z7sPolAYAHsRlAAAFgMBADkCAAA1AwFSe3Mya1gXPjAm53azNqffVZKBFeKBDmPnY4w6w9WrzADAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSv97\/ilH42iFMoakelVTbrRTFAZqGEhYWR4S3V07Pyvxs1FvawqYKlRiM9gWAzXMX3bH1mpgVzLKUzeldVvvMfAIBVo+FA8tVYJ+HmyEdPa4Bdq+fFwyKjkuUjQTrHZKNrhamWl\/lB\/Ebo5CHux4Al+fZgZ3+QV\/Qd226bY9RwWJMGz\/2mP\/I1NkneJVmd+dkjXIeap\/WZmuZpe7HnTO5Mr1\/5mFqkmCL0boxqqxqxKDf58gCY\/Dfggk9bCoIClc40qBYDAQAEDgAAAA=="} -01050{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} -00592{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":52242,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ5AAIAGdYbAqAH8W49d8sfnAbtnuw+iw96fIlAYAP2\/YgAAFgMBAEYQAABCQQTOrOIMUq8r6n1aKYiNs7U2FFNAVDNnCvPBG2\/LKMvoSWVofCBD3sAosTws5sK\/9czSs3fhclBVGnT2zMaH3JdCFAMBAAEBFgMBADAuL1gg35pDGio6a0sJwrrveSJC9yOSrYPI1ot\/w0ux0mAKfgjlBtwnXbCgD70pNiU="} -00489{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":87045,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjoqtAADEGc\/fUU5v6wKgB\/AG7x+atYkBkG1cEvlAYAIO3AgAAFAMBAAEBFgMBADDfL2A9XXe6ItVkvPujf8ZlF9xDBUk6le1K6Q6vBc+xdpwWP5E1hcztjRUOvKJL2iM="} -00511{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":88305,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCJ9AAIAGvvTAqAH81FOb+sfmAbsbVwS+rWJAn1AYAP2ryQAAFwMBACDOqfI9\/1zpoMalpFDIOq\/+t2OKhFCF0\/8W1gJZQrk9KhcDAQAgdqvsCDJjPYM1XmS1wYHUGxKvFb4w\/k11fkDeEVu2xhM="} -00490{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":138877,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjVpZAAC4Gedlbj13ywKgB\/AG7x+fD3p8iZ7sQKFAYAIMY5AAAFAMBAAEBFgMBADDWPPX7VChtt08EmUmyzO87isAFionW9SQNjfHMNzc+tALKFfoR\/TaNRvPxtsXneT0="} -00508{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":140688,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCKBAAIAGdcDAqAH8W49d8sfnAbtnuxAow96fXVAYAP2G4wAAFwMBACBarV674uFbInB3pTFcBueGFdmsyCgbEeRL6pX3lZqwThcDAQAgWKwRGPpguwkxnyPhKGzQTukNt2gLIny1JyRru0XDTa4="} -02385{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":166468,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcoqxAADEGbn3UU5v6wKgB\/AG7x+atYkCfG1cFCFAQAIO\/UQAAFwMBACBcn6j0jkUeV4l6rYK\/o2TYq7RU1gGbx+y+zvLjS+xr6BcDAQXgQkfMUBowSmUyYEN1UgVQ9RDqu99qk3qKgzwizGZUmczPEujEH2H3oUA5+tV6Q4n7yN3MOM6o++y+tpncCoU8rCq9aQgMP\/Lkb1S2Bq7BfNeP7W6enCedeC1dALeycobaMLyMAfREMh5jRwr44rp2DmXDU1Ddz1j\/n4inrZC5cnna7boxKQptPl6vkNkYRBOcpFR7VzkLCeEVXiPlUEdpaaIeJbjxRnKPBhq\/C5Yzeiuh9jo4zg8XPAs3EorVwxqpo8kKXPQB00JWdZ3kTlUhO9MEciEedryH9\/B14rbBg8TKkashFgq\/w9bVcApAKjYaJM\/OiKVWPSwRJgjtgteluYJMYamkh+Ad0Ivj2M+yflrYjGH9dTlbzY3V4iymNi0vMp87lTjlsBWcGgkIl3dOYn\/2gwifZBq9\/W\/1xFONTerVQmY30T6aS6kRQtw47maS6kEj5ti9hiMfrdpzh++NuTeifVYnsriDDwqj4\/nWTAjhUo1IJK96Af5\/dJrcaG67z64VXYKNMLYsEYsePjdeNnp3YLiQHaNQ59X6LX+G7paaWeiz1w2+jt4Hb9y3GoX+0emqgHomJASt94IxorDeJ16uMvHwfdmJitTswDnS35E3sbZ8qU5htPS59LGXOH1BLtBT8YCPNa5EwSl2kIbZ\/DZWPf2K+3mZk+rSBEUxJCrv8Yf8fleCEoSPT9Cs6R8uHTKKj20qpdysbC1xmBNpy2ffluRCRaFi34J1qfRJ0mqkdS+mNzoHeOf4fSLssW1IeLCM0ZZiGRhWCQbv+MU5HBJ7viqNwiqAUIokl6ge9cFyMBNYPgKveq8k\/WqtbGpZNF540jgZBPi5zr54yyRAEHJ820l8qCJufsdMnjLmE1xtvk97c43cwJPlNPai9wDefsVlwlFe5bYg8M6VkQtVhM7YxzbEdsf1fUl26BfMzbD+s6GOQCbxJ4\/cgsfJvxEvzZV7hsriM5g+XoXDTtcI04plkjPDR+pUrUtCyVFqG7qzbZGKqNh3rHtXcRVrnn+Lfqv\/EEzmNV5d3zqOEQPmQpv1+hTh3wyw\/Wd0AeW2y1xXR+ewQxSsz6J5B4VTWzg0Q6TOYbi1h8Qd5mwlNcuaCVAnfEQQ3nDI+IocN4vvEkGxqQpoXO4oejLNME7q9KbRqtIeAz+VApFxREwry3KSOqr4p9poEm0r+IfJF8itogrnEHKhnmuVQ84GsocI8iUW2GMWBxFwK7TsN+TF\/18lUz\/6WgJFTc0L7zlAeYlFXbIJG2UX2i2qLpmj4b9UWsQ9ObblraPgSE4Utd1QXyXyg77Fisl9uBJblWaoZC6+ueP1vRVUwAKa700ONXcA5tM6s1FRtw0GcAFlmHV3xFFXn5Vy68xLZFcIXGXkLAz4XTawfIECUBvGp+oACgroF9c+3lJHk7tm6n\/p9\/YRs2wq4E9sedW9+1B8VO1q7CjxeZnoMeUIuwjA14m1YfNdEtSF4Mb2tsHmLGB3dGhvLb40d9EPIBdpjN1onlBrIAGrJFA44kf0sZEX5BJcpzQs9cuzGY0urHRXexcq9puzvlX7BnoVNIIpelJSCFZGLkKiIrQeHzFIIQGXsxdMTZigzkE5eNNPgSdE5lueHaOIXHXQCyrH1s2jAcIDw07rBWsQwxuP7NXHfHBg8v74xic2TIQ+scJNki1VLy6MZnvPuJaxa7WQh6QM0HNdxtcEM205U2S67WZrTD6hFb4VsSiC5\/w1RNdhA+zQrnHdhE8OWNlB+Q905F6V0hpD+ae1LZoPyWpMeoxoxAxCXpVXTe+FNrtkVkG0l6ypJFmuSwaK0EaF0BHISfgco4fbPx4JYydjTLoshICtTT0lQiE5z0XEk2RAuICxXZ+3NrNZPJVAI6EICc60gsnkfLE1RsQ="} -00528{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":166787,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"UlQAWul3UlQA2EYhCABFAAB+oq1AADEGc9rUU5v6wKgB\/AG7x+atYkZTG1cFCFAYAINoGgAA3rVYxihbF8LRtZ6y\/IcR8KqhJKBv9vpV8uSkN2O44VCdviItQt55KTBPOlfgbNronl7jP7P516cHRLbeTLmLrG97gYF0YenprFkN4R3f95Q+XX0RCeQ="} -00415{"flow_id":11,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":167110,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCKFAAIAGvzzAqAH81FOb+sfmAbsbVwUIrWJGqVAQAQCd1QAAAAAAAAAA"} -01207{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":168859,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKJAAIAGvPHAqAH81FOb+sfmAbsbVwUIrWJGqVAYAQA78AAAFwMBACDfZpXGclgVa90fXp8HxZBiT6LHfj0Fm0ZyDLKG+XyWWhcDAQIgLnl4KVF+KgrZp86I2vq0DLD\/NOgoVPPUCK\/oAh4uZUVUExNqIU1Q4qs1tr2aP37RwD+76RcTykffhhBeG50Mg5sm8aG0194MBpm6cRuzjTZNbqHHyFSYZNH0c4ZU543EfnQMMg2QJN0uzk2dwc\/pX3d+3W4+tfxaKfuik15HA5W20ndmqHOFE\/5g6pgi7bBh3ut+ziPnrKE1MYN7tcHpT9\/iKpntqYGVqBDD5eb4FQhP7qOhlWTiv8ULHK9joY42zciRe6O4NsQHUF2kVqyg7lUBvEAh1wOJQ69j7184R+E6thc1nGVoQm1BaL2y8PkNI54jIZn+O0l\/TOlKMYtSnXlKzk8tNYvK1xo12cuAcupthKmcJ9+DxHVLiIuEAG40UgO8rl7d2p3buVh5Qw2N+Ku8eJBjq6f8PQ3L8hGA0QDCTS1GInRIk\/UqI+umx\/y4E38DjiozvJXnacJcKosVOA2Pu3AiGepVO7Dn43Wf692lFWBuQPQFinv7l5z4Hb5BLYq8EiaJ8m8bkoA4H37nae1FTMEsVQqT5D0MsWSdDAFcC6DOw8o4jNhUGzGMlb\/Bdha+2FgyMVuOTxhhp8eyPScsyZNIcoscJ8EC691brP\/lIG9Cohm9WLT9mq0ZROLqCkPlHbla7uDWTAuxiSiY0z44fIG8x7f1Vii8H\/b9PzOyhBB0hLKsJFEzxc8UBncwgvcJm9LiTU\/ejHwy\/UgKGg=="} +00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00421{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":889928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} +00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00421{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":897135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"} +00422{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":949318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"} +00413{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":951535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} +00422{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":961527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} +00413{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":962943,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} +00692{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":965354,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"UlQA2EYhUlQAWul3CABFAAD5CJtAAIAGvnHAqAH81FOb+sfmAbsbVwNnrWI9fVAYAQBc+gAAFgMBAMwBAADIAwFSe4E3FMYInxr2a\/LGdBo7iY6X3woxpwwwB2E4X+3g5wAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFcAAAATABEAAA53d3cudDNpM3J1LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00696{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":972457,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"UlQA2EYhUlQAWul3CABFAAD9CJxAAIAGdTnAqAH8W49d8sfnAbtnuw7Nw96cNlAYAQCN\/AAAFgMBANABAADMAwFSe4E3htlD0jNwndR+1ou7jED0jjAcq7bR5WAiBXnUvwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFsAAAAXABUAABJ3d3cuZ2Z1N2hieHBmcC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} +00838{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00405{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":21438,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooqlAADEGdDTUU5v6wKgB\/AG7x+atYj19G1cEOFAQAHuoVgAA"} +01411{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":23500,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"UlQAWul3UlQA2EYhCABFAAMPoqpAADEGcUzUU5v6wKgB\/AG7x+atYj19G1cEOFAYAHuyMAAAFgMBADkCAAA1AwFSe3L53X2pEnJ+sMNK7yLUj\/W6pO2+NRex4VwJn0DBEwDAEwAADf8BAAEAAAsABAMAAQIWAwEBywsAAccAAcQAAcEwggG9MIIBJqADAgECAgggWXsb82yVFTANBgkqhkiG9w0BAQUFADAhMR8wHQYDVQQDExZ3d3cud29oZ3BhczQ1ajZ1Y3cuY29tMB4XDTEzMDkxMTAwMDAwMFoXDTEzMTEyNDIzNTk1OVowITEfMB0GA1UEAxMWd3d3LjdkNDNhaDJraWtyYWJqLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyklKQGQkcctz93HgInj2t1gLlEeTreYlTjt5cVuEnkRhvnpxBBhUZcDOSffaAx9+S0RFFDudqL8\/TeDZIwrCCOxcwFVb+zUytTfEc8ly5MA1G7S5d2I\/x5yvg04rZJRI9\/q5ks8spXJHHzSyzwoRTx50l96ITtI3yPQNeVSHVUcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC38KFCTBghhDrxpOEFUDAKZE4bCRug43WMb6jvNo\/BPXQ48wsYWM\/S+47KwCPqXVUNCDyMF+wvJ2aRBnR37D+\/ayO\/p7RlBCVwDONA9IZk20eslgIepjkM58HbyrjYv5PJpyqgB0BsDzJJ400K0\/0xL29Q2pOCbmf5\/QOa\/soHuhYDAQDLDAAAxwMAF0EEqppowQXXYJtKnNsDr3CjDoKRPdSy8GzPWFf2pW59bta1CDBd2K0DAFHTa+02CMVDmRNatXtDgujISj+n9Smk7QCAb3zAMJEE0ZhtRVfh24BgLQXvLqOzphBWw67izOerVVz4biNemHUEOkNwxD+9oynPQgMUOQR3MDvw5YUW7GSS7yczMzYXquDqWDrOY8Ns7gaPrsQ1YbSUTuO7mrfNLqHYD1sSjpyqfIn2S3zLLZ7+opf6vOO4LybO3Wf9JdFNFCsWAwEABA4AAAA="} +00963{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} +00590{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":28263,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ1AAIAGvrrAqAH81FOb+sfmAbsbVwQ4rWJAZFAYAP37zgAAFgMBAEYQAABCQQQirs+7bZ92YZQcxZd+2DqfqldWcJ\/uP\/ceE0gwSB7sufju+Ou\/tmWkLRzvFyBtO+ky9kbj5Lk5KBHB2Iw8kEPgFAMBAAEBFgMBADD1vChkZBoQ7JL0US4P8m+ntzIHU6Wo0YrvCmKRLKn0gkpxAE5NLpPezGJYavoceMs="} +00405{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":43639,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVpRAAC4GehZbj13ywKgB\/AG7x+fD3pw2Z7sPolAQAHuSHgAA"} +01419{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":47877,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUVpVAAC4Gdylbj13ywKgB\/AG7x+fD3pw2Z7sPolAYAHsRlAAAFgMBADkCAAA1AwFSe3Mya1gXPjAm53azNqffVZKBFeKBDmPnY4w6w9WrzADAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSv97\/ilH42iFMoakelVTbrRTFAZqGEhYWR4S3V07Pyvxs1FvawqYKlRiM9gWAzXMX3bH1mpgVzLKUzeldVvvMfAIBVo+FA8tVYJ+HmyEdPa4Bdq+fFwyKjkuUjQTrHZKNrhamWl\/lB\/Ebo5CHux4Al+fZgZ3+QV\/Qd226bY9RwWJMGz\/2mP\/I1NkneJVmd+dkjXIeap\/WZmuZpe7HnTO5Mr1\/5mFqkmCL0boxqqxqxKDf58gCY\/Dfggk9bCoIClc40qBYDAQAEDgAAAA=="} +01049{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} +00591{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":52242,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ5AAIAGdYbAqAH8W49d8sfnAbtnuw+iw96fIlAYAP2\/YgAAFgMBAEYQAABCQQTOrOIMUq8r6n1aKYiNs7U2FFNAVDNnCvPBG2\/LKMvoSWVofCBD3sAosTws5sK\/9czSs3fhclBVGnT2zMaH3JdCFAMBAAEBFgMBADAuL1gg35pDGio6a0sJwrrveSJC9yOSrYPI1ot\/w0ux0mAKfgjlBtwnXbCgD70pNiU="} +00488{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":87045,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjoqtAADEGc\/fUU5v6wKgB\/AG7x+atYkBkG1cEvlAYAIO3AgAAFAMBAAEBFgMBADDfL2A9XXe6ItVkvPujf8ZlF9xDBUk6le1K6Q6vBc+xdpwWP5E1hcztjRUOvKJL2iM="} +00510{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":88305,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCJ9AAIAGvvTAqAH81FOb+sfmAbsbVwS+rWJAn1AYAP2ryQAAFwMBACDOqfI9\/1zpoMalpFDIOq\/+t2OKhFCF0\/8W1gJZQrk9KhcDAQAgdqvsCDJjPYM1XmS1wYHUGxKvFb4w\/k11fkDeEVu2xhM="} +00489{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":138877,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjVpZAAC4Gedlbj13ywKgB\/AG7x+fD3p8iZ7sQKFAYAIMY5AAAFAMBAAEBFgMBADDWPPX7VChtt08EmUmyzO87isAFionW9SQNjfHMNzc+tALKFfoR\/TaNRvPxtsXneT0="} +00507{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":140688,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCKBAAIAGdcDAqAH8W49d8sfnAbtnuxAow96fXVAYAP2G4wAAFwMBACBarV674uFbInB3pTFcBueGFdmsyCgbEeRL6pX3lZqwThcDAQAgWKwRGPpguwkxnyPhKGzQTukNt2gLIny1JyRru0XDTa4="} +02384{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":166468,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcoqxAADEGbn3UU5v6wKgB\/AG7x+atYkCfG1cFCFAQAIO\/UQAAFwMBACBcn6j0jkUeV4l6rYK\/o2TYq7RU1gGbx+y+zvLjS+xr6BcDAQXgQkfMUBowSmUyYEN1UgVQ9RDqu99qk3qKgzwizGZUmczPEujEH2H3oUA5+tV6Q4n7yN3MOM6o++y+tpncCoU8rCq9aQgMP\/Lkb1S2Bq7BfNeP7W6enCedeC1dALeycobaMLyMAfREMh5jRwr44rp2DmXDU1Ddz1j\/n4inrZC5cnna7boxKQptPl6vkNkYRBOcpFR7VzkLCeEVXiPlUEdpaaIeJbjxRnKPBhq\/C5Yzeiuh9jo4zg8XPAs3EorVwxqpo8kKXPQB00JWdZ3kTlUhO9MEciEedryH9\/B14rbBg8TKkashFgq\/w9bVcApAKjYaJM\/OiKVWPSwRJgjtgteluYJMYamkh+Ad0Ivj2M+yflrYjGH9dTlbzY3V4iymNi0vMp87lTjlsBWcGgkIl3dOYn\/2gwifZBq9\/W\/1xFONTerVQmY30T6aS6kRQtw47maS6kEj5ti9hiMfrdpzh++NuTeifVYnsriDDwqj4\/nWTAjhUo1IJK96Af5\/dJrcaG67z64VXYKNMLYsEYsePjdeNnp3YLiQHaNQ59X6LX+G7paaWeiz1w2+jt4Hb9y3GoX+0emqgHomJASt94IxorDeJ16uMvHwfdmJitTswDnS35E3sbZ8qU5htPS59LGXOH1BLtBT8YCPNa5EwSl2kIbZ\/DZWPf2K+3mZk+rSBEUxJCrv8Yf8fleCEoSPT9Cs6R8uHTKKj20qpdysbC1xmBNpy2ffluRCRaFi34J1qfRJ0mqkdS+mNzoHeOf4fSLssW1IeLCM0ZZiGRhWCQbv+MU5HBJ7viqNwiqAUIokl6ge9cFyMBNYPgKveq8k\/WqtbGpZNF540jgZBPi5zr54yyRAEHJ820l8qCJufsdMnjLmE1xtvk97c43cwJPlNPai9wDefsVlwlFe5bYg8M6VkQtVhM7YxzbEdsf1fUl26BfMzbD+s6GOQCbxJ4\/cgsfJvxEvzZV7hsriM5g+XoXDTtcI04plkjPDR+pUrUtCyVFqG7qzbZGKqNh3rHtXcRVrnn+Lfqv\/EEzmNV5d3zqOEQPmQpv1+hTh3wyw\/Wd0AeW2y1xXR+ewQxSsz6J5B4VTWzg0Q6TOYbi1h8Qd5mwlNcuaCVAnfEQQ3nDI+IocN4vvEkGxqQpoXO4oejLNME7q9KbRqtIeAz+VApFxREwry3KSOqr4p9poEm0r+IfJF8itogrnEHKhnmuVQ84GsocI8iUW2GMWBxFwK7TsN+TF\/18lUz\/6WgJFTc0L7zlAeYlFXbIJG2UX2i2qLpmj4b9UWsQ9ObblraPgSE4Utd1QXyXyg77Fisl9uBJblWaoZC6+ueP1vRVUwAKa700ONXcA5tM6s1FRtw0GcAFlmHV3xFFXn5Vy68xLZFcIXGXkLAz4XTawfIECUBvGp+oACgroF9c+3lJHk7tm6n\/p9\/YRs2wq4E9sedW9+1B8VO1q7CjxeZnoMeUIuwjA14m1YfNdEtSF4Mb2tsHmLGB3dGhvLb40d9EPIBdpjN1onlBrIAGrJFA44kf0sZEX5BJcpzQs9cuzGY0urHRXexcq9puzvlX7BnoVNIIpelJSCFZGLkKiIrQeHzFIIQGXsxdMTZigzkE5eNNPgSdE5lueHaOIXHXQCyrH1s2jAcIDw07rBWsQwxuP7NXHfHBg8v74xic2TIQ+scJNki1VLy6MZnvPuJaxa7WQh6QM0HNdxtcEM205U2S67WZrTD6hFb4VsSiC5\/w1RNdhA+zQrnHdhE8OWNlB+Q905F6V0hpD+ae1LZoPyWpMeoxoxAxCXpVXTe+FNrtkVkG0l6ypJFmuSwaK0EaF0BHISfgco4fbPx4JYydjTLoshICtTT0lQiE5z0XEk2RAuICxXZ+3NrNZPJVAI6EICc60gsnkfLE1RsQ="} +00527{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":166787,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"UlQAWul3UlQA2EYhCABFAAB+oq1AADEGc9rUU5v6wKgB\/AG7x+atYkZTG1cFCFAYAINoGgAA3rVYxihbF8LRtZ6y\/IcR8KqhJKBv9vpV8uSkN2O44VCdviItQt55KTBPOlfgbNronl7jP7P516cHRLbeTLmLrG97gYF0YenprFkN4R3f95Q+XX0RCeQ="} +00414{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":167110,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCKFAAIAGvzzAqAH81FOb+sfmAbsbVwUIrWJGqVAQAQCd1QAAAAAAAAAA"} +01206{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":168859,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKJAAIAGvPHAqAH81FOb+sfmAbsbVwUIrWJGqVAYAQA78AAAFwMBACDfZpXGclgVa90fXp8HxZBiT6LHfj0Fm0ZyDLKG+XyWWhcDAQIgLnl4KVF+KgrZp86I2vq0DLD\/NOgoVPPUCK\/oAh4uZUVUExNqIU1Q4qs1tr2aP37RwD+76RcTykffhhBeG50Mg5sm8aG0194MBpm6cRuzjTZNbqHHyFSYZNH0c4ZU543EfnQMMg2QJN0uzk2dwc\/pX3d+3W4+tfxaKfuik15HA5W20ndmqHOFE\/5g6pgi7bBh3ut+ziPnrKE1MYN7tcHpT9\/iKpntqYGVqBDD5eb4FQhP7qOhlWTiv8ULHK9joY42zciRe6O4NsQHUF2kVqyg7lUBvEAh1wOJQ69j7184R+E6thc1nGVoQm1BaL2y8PkNI54jIZn+O0l\/TOlKMYtSnXlKzk8tNYvK1xo12cuAcupthKmcJ9+DxHVLiIuEAG40UgO8rl7d2p3buVh5Qw2N+Ku8eJBjq6f8PQ3L8hGA0QDCTS1GInRIk\/UqI+umx\/y4E38DjiozvJXnacJcKosVOA2Pu3AiGepVO7Dn43Wf692lFWBuQPQFinv7l5z4Hb5BLYq8EiaJ8m8bkoA4H37nae1FTMEsVQqT5D0MsWSdDAFcC6DOw8o4jNhUGzGMlb\/Bdha+2FgyMVuOTxhhp8eyPScsyZNIcoscJ8EC691brP\/lIG9Cohm9WLT9mq0ZROLqCkPlHbla7uDWTAuxiSiY0z44fIG8x7f1Vii8H\/b9PzOyhBB0hLKsJFEzxc8UBncwgvcJm9LiTU\/ejHwy\/UgKGg=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":216146,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","type":38} -02395{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218445,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcVpdAAC4GdF9bj13ywKgB\/AG7x+fD3p9dZ7sQclAQAIMKCgAAFwMBACAuXJ80nCn\/8cVYdADi9lYIiv4DzI2PZ5wkRrgqwR8MohcDAQXwnMJEXwIOPH2XX57DF1XIpBrpAMRbbYCqRfYnaCkQoJiSuv0Qe17RjI1lfeUF9kF7yMTz5uqsFzxzhDoFe20EuvoOsp\/O31oxXC9rYyLvKCJqHd6ae\/PACsuS07uEW+1JccM7z6MkizDRHdsHDWF0ibNqeByUW+t9SmL5IsfE8r0CghDoYVklQQUhXBHTDhANS5BAe2cXZVNZL7s\/nKIQ4cIcoyqIOZf9inT+0ReIgFZLfnx9GVCj2Lalv\/C7eKgOQyGd1r0WnTGkFhLUBIRVbLo\/4M\/Mt10n8MmXf\/nrzQKJLXllxOoBbAgshC8CJUKAQFVslprJoEXykU+UN\/qGAx0blse8BMZt1tuzIJAbat+P4j+LJwXDpEMLPNEf\/tSQfa5BEEP7JGoxISF43TaFmlCkAY8PjGyjGNyDoyQmgdZvLBBlMzzDcjrCWbp4AAHahLfD7P0PZpjEFvK6GzkkjDLgfd5j38MwONq1RwuNdjM\/TaHEAgQra2pQGGcDScxUv50X9iB6umTmzqeBTl7\/NeATB9zU87GbgRz2BVONAjc\/iAh9M8XDaIwZbbvPjUaV3OtxKmxRQPPqasmUe1RAuw8sLTRN0SyaRuYceonrJ4vdg\/VC5t2Z45axwJtk63sfBUCDp892PIkhGI8sUWmLAO0EQVSv5HIMw7lOaJtJgKsBmzaaQLIiP8hJkDjHJuFuNitRTHoQ6ObXQQvBJhbf2dZAvpCPGfWHg8vCS3K0tKOB04vV9SjvvFFC443IcRqQOQKvExoHW5RnAKGjXnAAxJkdcsFtos4TY+uF1oa\/jX\/6FUILnmHP8AASkzVy\/38evNX469aDL1iGhJ8X0DyphEVXoo25cfyfmaeGrOl7AbGoppjty9QIwGqwhvg4U1iYPifIa\/uZivnqvkVBJpshL6yyuZ6u2aHLEX8b78le6+sA1d9+OQdR66DMCr3C5VPsaqSAngjGh+v+srcKwcv+\/cvxDoC4PY1RYIizmZFZyqvaGXvUBAku8TywXbYaR5Nobn4yrOVNjZqs1Sh3z3J8D7OqCG2yi8CwXJv2MzMQS6NtWAkB66qR\/QNMhE0N+rU0xhhaGi1EhuuPVdPAbvaCs6OGVFzP2kjb51uiAqKkZlNMKQheYiCXWYiWYbwJUAqdKT0Bbu5oErwSftYCv1qKxLpC2qUUhlFbq9TAI\/SceXmdwq8ycIM+CclZosxOAdpHNvKtOnx9HHR\/aAKbJE2qkmi9IlRtlNSz3rxrc0LJesj0shC9flrB1MdtKdt8s9sO2mq3xerMKZ8Uv5GOcCaJo9LWa\/hMG3MVJ4eDlM6BYxuoQGtWJo6\/0kHeSxXo2Db55HCtryRcx5bCTMxmoDVbXBzixCy7hHZu1St2BlkvwozEZm6eEzlHgq3xv4WcEAaLEJf0KmFGJ+AwBKNAHT3uardpMHljGfCXRtQB4CcQRq2fBe044tlVGwgxyaUdSGN2V5yVbez+K6RXN0U\/RMyqTGbqzapvUMBdhIsXx+orweE3\/t9bH82Kb2pzeZFu67W\/0sHv0j2D209XfBBmKsEnVpvnfoHdRK\/PkcBGIU4ZKPApflJkD6EX9zR6nEAEcs3ciIXolofC9OU6+gHXdn2lzdwmWlM+LgijhOOEj232GCFfHdfriqkuq86T1tdRtks9QHBwD7ltflVcD\/4A1EDuydqHFUP95xALdP2\/wwUkKUxETjGT5EySfpY01XUSHWfcQKR6f1rLH2yExJTG6VWEUz9Hn+GS4XZAF0ANhTF\/Jhhzjc2kajV0xElCnJPSqJ805bdwoiGjumJ2kTK4hkTyl+keoE6OkN+RO1UrFcfJkTy6w2sZGgHaKSZdJVpokFeZGBMUyZwv4\/thO++FH\/1ZhnuvSn1pNBq0XGQ="} -00548{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218591,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"UlQAWul3UlQA2EYhCABFAACOVphAAC4Geaxbj13ywKgB\/AG7x+fD3qURZ7sQclAYAIMMCQAAkTLs5DyotF2bx+ngCG4gXdgKUSvNexOGfi782LqvLHWdIhufdgogTQK6cUso\/PYhSv0yGYSLO1Gv14bD0kpYtxpGVUywRJtPWHZigJIrXsQA3bErimLkXxSBc1Os3F8LjXcSBrYe"} -00415{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218874,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCKNAAIAGdgfAqAH8W49d8sfnAbtnuxByw96ld1AQAQCHiAAAAAAAAAAA"} -01211{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":219799,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKRAAIAGc7zAqAH8W49d8sfnAbtnuxByw96ld1AYAQAg7AAAFwMBACD\/PxVnKTJDf0u98kfy\/GwOwKrRjxW6WWVZK3+fdkEb\/xcDAQIg2paFoPNFm3AShdp\/iFzkK6e6+gmum0SmxqWOFbRoYsyAYvgK5zBB0dCRJ3wWaYnWODl\/MvTBP5g31zbkm6bZAIKetsnCCM\/12FHdJZIkZJTt3J2HXZwnAl8OCzKrbK+c3u9rXRluMyAVbp739+jeE8G9H0XZwMcpeIoOhlRhArzNkBO8W+2PEt9JrohmCpPNaiIu2eK2V+aHl6Za\/TZVuMWQDDj3\/+jONcZrFcZQvUT4QlnrJNem1GkhfMLB5Bgr+FQeNJj7\/1H8KgE3zIz67sBTF1jSyNkBv3ytT8j8EEURN02tlmnwl60JMQL4Xf2rKjoT7eg3m9zHNsFoZmQ0l56qI+RVI\/73B5EAl2nKVytryxLAVgK48XHlCWBmQvPvwpAzPSHL\/a+R3uKkcNOG0gltp95xLSGzXh2VukHaTM+vlKKgWqkaLXpP9qBJx5EdKomJZJNaCEh5B8o9fk6b53tncDZLkGDOD9P0GJ4RttmLSLNBkR4VEaDBSSFyTk1B8l\/mfdMXKvr4Su89gz6KHGVgsHfxm9HMkpvlxLqSPFZZ1HAxNKGVpw5sCwzkyNyTpKHgbwKxMfTxOpfKpMMZMJYSVczqJM03L5\/6Owj0If\/IXit8Ocli1x3roaoMsskgI2PFo+oduNIzuzPI\/\/VjFMO4nHDLqx0xUhUFvJQ7CMdYOx1u6m9DuBJBotWUzjOWKf4Ig7ALSn\/gjkotSr05ew=="} -00410{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1867,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265125,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooq5AADEGdC\/UU5v6wKgB\/AG7x+atYkapG1cHUlAQAIyb\/wAA"} -01204{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265485,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKVAAIAGvO7AqAH81FOb+sfmAbsbVwdSrWJGqVAYAQC4GwAAFwMBACDFSvr+d\/a8SxY\/MRGL7d7bbuedWRMGsboWG\/MyOHFANxcDAQIgpjhLHHmpnkUvTkzSmmX06lIrigiP6O2YGeNrjBqcUKAg0V5n04hnKawS4oV3ArwURsxbSqTy7nYCs5KiFnKnwi730wK5bay5XMFaFmjdjmKYZSW64Y0QNegmAn8DqakiaeHV87kzGgz3L9ox61bWiC7ouRVLhzhTBTst37kLzy4TNJ0GnKImOj5PufZsdM+oCGA2mvANTfeJutkC6ZMcW98j+pnuFaSHZzEegAuoGbIri50vuCfmrI2ykVCIM9NHhe9ybbly8c3tpXnB7ABcxCwT9cacO8yaW32GDXf0T2TNHRQBR8ftn3ArezELLiB+r\/QDebccDRa2eZtwv2TQLf+BNxJIfC26FMUwNp\/bjbZ2ljD5pQMxBFWet2NCvrAp+ghJEuezGbgv6C5rt8UW64fKEqFi5BkU51c8Olr31vNS6W7u39ITzaSwxhpbi68BFr3Rgd\/GyFPAVUVRnYWjC3W5C6vQVoV7Aby3obieH9X+LnXS6ZQbtgqerkwfF8KrGQotnTRdzUKW4z9tkcE0UuVe7uIeuC9HJsmkSSo3J519HAgZFVRecMir2db0k+I5GUB0IixS\/iYrCMdQWisoKFLfUljPOUI5aqKo36qAQO14+eb9abwMSo3q9Ox\/s+P\/TpXIDhzGRU3esXRnHYI+TtA6jgEY\/nm1hg0DjrFdYHYoOUETQ2zqC1kbLLgkWACGgfOjypLmJyMKImn7bnn9Kg=="} -00408{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":328617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVplAAC4GehFbj13ywKgB\/AG7x+fD3qV3Z7sSvFAQAIyFsgAA"} -01210{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":329179,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKdAAIAGc7nAqAH8W49d8sfnAbtnuxK8w96ld1AYAQCeOAAAFwMBACAz5YAEXPD9Qp6lyJHqu1BSVaHO73GRNQm8Htgf0+c9mxcDAQIggGSqd7QMnsJ4kHJMLOklbVLNgwUP\/EkZy7W3NwFozzCote80AtSk7sn6fxe8acuFRFCQKIbQM5JkKbLFJdsaVBQIS8KJ3mJqEcN17ES7yv5X7kmwtAY0Oj+Qn\/O4MiKZiIbqCXUuIXBs30w6k5i1XKkR\/YjI1yzaosB78mCP1N+MitRHHOzKJ9BIN4RckCB0ahIg+SW3srzVgs\/hUNP4hLSwA9r1bn6Wx+XHvuNF74KSSRthK+UB\/PbjZmI13OCt6kBCakhFRLo4xd1Znv2Pfbt7FqyHdLdHCBcsGD5Uvdtw8qWMKPEXLk4NoW11tQXMBdwCgl\/xGuIkXESj2qcd+a6G\/U6B0dEP6RlAAX7I5nDrY50PtBQ94gZLzKB2qfFxI3h0QACydQDa1E2U\/DYgZWjvoy4r8eOXazr+Kwq8DkGePJs8qqu1PjYknNmPq\/hHKHLKZUAJ1IBCeVI4vX+BTiiooRLb09iC6svjWG00Y\/b+8hUWDkM60gjsOfnXmKe2Gmtai4EAK1BhjnT\/RDUesrNd1VdrsxdUqjj8s3SAUTlKeqcxkD3BLawtjcU5vI\/ChZmMJyoWadYf6Jq7tFuHIfLRmpSVDM39OBv8K4ikJC\/r5Tb12+qassYZfOLPbD\/SvIb+tyWIo\/\/o3GZf3Ucp04R7Pi0FoX8Ifpgv2ENVeAXzErpm7zVYy8TvEmUz3OuTxmPK6l0aAG8fU4fQnhW+nQ=="} -00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00422{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":889737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} -00423{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":33681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} -00413{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} -00692{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34778,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"UlQA2EYhUlQAWul3CABFAAD6CLBAAIAGwY\/AqAH8JuVGNcfoAbv0twfgYNP3BVAYAQATzQAAFgMBAM0BAADJAwFSe4E45UNCHF+9nmoqAUUyRuC4BvKCHcuaRNsIL6pQWAAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFgAAAAUABIAAA93d3cuam10czJpZC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00408{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":183159,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"} -01663{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":220406,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJgXBAADQGkgAm5UY1wKgB\/AG7x+hg0\/cF9LcIslAYABCPDQAAFgMBADECAAAtAwFSe3MzJnpApPNpEflNBeQT+wMfGN8EfVfDfSCJ1CHhSgAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAICTjLv4dzbQkY4v+6c0tODTLPLUqpNj9udRk8Y5oVDxQec9DISv\/Q0OumZb9e9ll5wRwIEXxwVEOFM8Zk7VR4yvxN9ykEmlw9419WCYJtUgx5zCtQLvohpLrdz+KVdNF7f8BvF9kFE63nikb7K7Z17dZMj\/1ql3DTeHgdk9yw81yACAjddiRyq9Wcm6MZOMF0YAyjYY2sKmLvYg01bPUt\/KNhSxOpXIEHegbPMrbIHKvNT+7w8eAmj4pYQmubnfUL+Uj1iDQbNgSR2mn642+8mQSG60moMsBVPLLA9EvmzLv1gcuBhCiJcGvwEu1dlI9t0c613woXTslAdeYNWIZ8noJgsWAwEABA4AAAA="} -00962{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} -00679{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":230750,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuCLJAAIAGwZnAqAH8JuVGNcfoAbv0twiyYNP6plAYAP1iWwAAFgMBAIYQAACCAIC489sTVZq\/GrKwFJ77i9pUjo8mUMWtC+3TfOvVv3\/lZeMgGHHRgTuax8BoSKz6hvfA1XyfqMyXXhhXL\/hmqpwL9+xMKjSKeC1\/nBFQNGi1R9BX0jpaOpJQL\/tEkXCPrXGMaMRX6FbhYcsf0y1KKo8nlIUSjgfqR7Uu68BU+P0kTBQDAQABARYDAQAwR5He0W0\/mJ2cp4A+CQ7sLCv+qfOQ89lzDZTa6EzlNuKFpcImS+UZUc6RvdwtbKaR"} -00490{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384005,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjgXFAADQGlWUm5UY1wKgB\/AG7x+hg0\/qm9LcJeFAYABE5sQAAFAMBAAEBFgMBADDGp5YJU4NYfAXlehYJRQ2odQmJNNLuW3og1BToTR83Gb0PCN+omLLmSnduJdxzfxE="} -00509{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384736,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCLNAAIAGwhTAqAH8JuVGNcfoAbv0twl4YNP64VAYAPyWYgAAFwMBACD5OA5hWmwcr3qvvvlx80AhOaZ3HeL86UCzuBfLPvgmkBcDAQAg9ZKvZ3vwmeoBnpaDZ9egruCXkAuHZkA8B+2\/ifVrt+I="} -00409{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1900,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":576266,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXJAADQGlZ8m5UY1wKgB\/AG7x+hg0\/rh9LcJwlAQABFcMgAA"} -02395{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1901,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":632432,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcgXNAADQGj+om5UY1wKgB\/AG7x+hg0\/rh9LcJwlAQABEGQgAAFwMBACBe7gq\/TNzOMzMYtA4MHQFa4afcQjMYPv5pcPemKGPjORcDAQXgjRugDdlTI3cRSI2v5m1MuvYxIDwlPGGYkuk7FQEiqBX6KUbI0M7Srhevr9vpwZZkqPgwbxZprvk2J+2KTqsP7zyy5xqV1OP\/QMLP6a9n5cw6jCpS2mSYGL6v84i0TcnekCOvcMim3+KA7fXXP1AatbRfzngQLaPE1BZ3wUWJ5ieou\/XNnC3ncYh\/5cc1RxP6VEmTlEc7GOfkiQhFxR1+0V1omFwpMVWtZNndC8B05BhtUNpjYQFFIgdqIlf+\/S6WZTEdQA2MlxuSOZtEFacEmRijp9ZpvI4wtRQ7cBdTXN3OYScaDUo\/dNBrXW0s7dy00n3yeABdU6KFl1EJ7RR4qyrzvhT20WcZTGI6D\/kUjLkI0TOaTuHfFDBTWmW+sfidCdIe2OWTN5N6\/As0H+B5RgYFIB0NJzmQNQA252n4QnXEorj70Oe4PmLPml51G0fas65Z4HscXK\/++Pz8telYanEoQ6ymzFzVRD5YGoMHO69hNx9VzvmErFHFMNKmjOB6KV0lG\/S2qxir25G8k4ZCXtXYJowNyFN51YTk3frSypVZxp3MnlIxCgSOsCjocPhi8YMv+B5MgRO0yd67NOQ\/NJ2MAzPrVLUb8vPMBTKptAh7vxPPZqyiZsxZqcKHAuLjdeA0pIceJxzAVxpfhS1LFitfDxbG9HTNhweSxN29axUtglA95Kg6jCm1FBkyWakD7rVp6uZHxd5QHm8a\/Qd6wPfSZ4T+GSZbhqzZf8KPOKMxntK+1eXJvSNwO1a9QkyYxvz8JwotjW5q1pelBOZdkIte2jwLCaZQmizOkd\/y2F0noB66WlbPVlWEuRLFC6h8cRM0HzR49Qxqx4YCCmtDlbXLJ80NstDdDN8i+K+gGad6BQoidwNQn+S19RgE02tff6iKxC5QRIG3dJu2UiNjqfZgvakcxZi0AyUb\/5VAqskZ6gUOCi+3RWMda32Si2Ot\/BxEzXHKQsc7uc9UKK5fKhX3ghXRXfCRDgfdm++lZ3HpgNnfP8DSJe8eqZOV4WE0OkUcTaiUmit28SVegKAgSpL6T3xnW21KL8Az3nk8LNdBfrQHDTIzO8WXvVoBGTOdnv+UR2pL48cgdV11E7B23Fn\/Dd4ZsIRRuHRUw3\/70rP+JjjwcrvzDaRmc0vwTv3BmnKDme+aaEFnqERsUsjggoCk\/3GjUe1zDSNdpzTC5tCT9k5MYZ+\/iTFoFlLkOb9f\/I7fgnXkicKuuqietni4FrmhMy9qrulCuzHDuh2dRchjWQjT+oRlpV5B57oJwVboYF\/irs6yKXN0X7WpiNIT8eSm\/a7+G6ArqJ6XDuJ82DdxmjKYHtx34v1oWTGMGoN6lVaLcA31WIQyGTpl5C6vFVyP5xqwBcKfUvZv6He3N+OnTLWkHMhT2eoXUhlA5QlxXYB+AN8tSnu073f4hRy1tZPrISsV8AvtFfr5ASUQyIdnKB2i9jMWxajqHHdCFBJsEtmE6r5uXvyKjtL9vBN5ct9BQR1tBPhfUJ\/8MkNN8Eahhn6uEC6medbbOzojGbThFIbk3esveZ\/N8WFbj6lUC04XKP62iRkg305JN3B09xcwQoIbDisXQwGtq60T9mRQpcxDCDUpT9vRx22T\/pK+h\/TfN0eU2SKC\/wpGP2wHsC9z00iT7EOuO9Pes7+CgC6SM+zZHBcevKMVJyruDEOKHIlvg6ee9JCeeI2sLM2HY\/4Z\/1YCn\/+mo8ATyFDn7EL0aS1HYAV1LUSgYhOnw\/O59NIlzCpnKzD7O9P+0g+X0sJufdg8VjpjuOTHPy+TDwnLvvBLdLOuOdSDPZm8vZHDGgYGZvnQViiRsCOeHXiTnmYWHGvmkXkPOgbVWEClGWAvTxhcnaYaSlwVV2iwco34aHvvzQtnls\/TpAw="} -00529{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":632647,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"UlQAWul3UlQA2EYhCABFAAB+gXRAADQGlUcm5UY1wKgB\/AG7x+hg1ACV9LcJwlAYABFBlgAAbg3TpZARg4wm+rG1P6gsIB+320pAOXPhPDqQBHv9AsE5iDtPAoLy7nBsv2qhovx\/6BMuY2APta\/rDTumORvRPJ3QzUphYOqlnO95xE7KxoyOioKj9sY="} -00415{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":639790,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCLRAAIAGwl3AqAH8JuVGNcfoAbv0twnCYNQA61AQAQBVOQAAAAAAAAAA"} -01210{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1904,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":641908,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCLVAAIAGwBLAqAH8JuVGNcfoAbv0twnCYNQA61AYAQD7VgAAFwMBACAE8ueXXocuOQmW3f69oo7FBnuxaQCkH+RVqAU6G5MImhcDAQIgC2DppkLMsppC8aEpH9CTtLj7w4NXvWEUFALM0vLzBHiMeP7tQJp6Ls0ayrXxQbJJ9TCJW55JBiCE2FyjaeBrXK4RiCGVvWaregrcxjRBFlO5uSdmFUqW8jUMYWx3Z7Guo45j3Bk8r9vUcXJ8nlTiTLxin2\/8nNoC3GfKicW4StmYsR3yZ3T+0yi1f+4\/00tlj\/G7U3WiIL9cp7TgOAv3\/JedTkWXdWFQALY1NmSodq20ysTkhpx\/FXGqBy6ebPiwBabFv7fMUSEFH129g7MlbbFCsfTgpa5a9YY4lxVvBdjS0QPWYQn\/CFAx0bUo4hB1apq5H857ok0ehiKb8Qvp7LYKw6EtahDb0urHFEuHm00w67Jy5lOI8kVtxHWOMUTALDjZJ+fF7EUhfQ\/bf+BjZpKlY3reUOR6NgIr7bbC24qZ\/19BEwltbgf\/vC7m\/MyrYZzBGJTqWDjLenP1ufpl0dQk580807ffzKuWAhenolcehfujnJPvtgS2GwRKgHQ59xeSgdZ1iH1Bu12G\/eP6itP9T+qA3FGS5bXP\/rO799odmQ4P\/nl1o9RdH4tRLcHHKcapKsGPSqr\/2asvTHNYdN5Jl0\/vtSzlS8tbyobMRv+oERJGhyzpW5+VcVKl5VSOBwzvgeuuopOtq534jNtHfF7N3t3g5YoaYuEN0Yul0VAMwhJ3GydXwrhPUzM5zJmjtyRl+HikLccclZbsdblb\/Q=="} -00408{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":785482,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXVAADQGlZwm5UY1wKgB\/AG7x+hg1ADr9LcMDFAQABJT3QAA"} +02394{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218445,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcVpdAAC4GdF9bj13ywKgB\/AG7x+fD3p9dZ7sQclAQAIMKCgAAFwMBACAuXJ80nCn\/8cVYdADi9lYIiv4DzI2PZ5wkRrgqwR8MohcDAQXwnMJEXwIOPH2XX57DF1XIpBrpAMRbbYCqRfYnaCkQoJiSuv0Qe17RjI1lfeUF9kF7yMTz5uqsFzxzhDoFe20EuvoOsp\/O31oxXC9rYyLvKCJqHd6ae\/PACsuS07uEW+1JccM7z6MkizDRHdsHDWF0ibNqeByUW+t9SmL5IsfE8r0CghDoYVklQQUhXBHTDhANS5BAe2cXZVNZL7s\/nKIQ4cIcoyqIOZf9inT+0ReIgFZLfnx9GVCj2Lalv\/C7eKgOQyGd1r0WnTGkFhLUBIRVbLo\/4M\/Mt10n8MmXf\/nrzQKJLXllxOoBbAgshC8CJUKAQFVslprJoEXykU+UN\/qGAx0blse8BMZt1tuzIJAbat+P4j+LJwXDpEMLPNEf\/tSQfa5BEEP7JGoxISF43TaFmlCkAY8PjGyjGNyDoyQmgdZvLBBlMzzDcjrCWbp4AAHahLfD7P0PZpjEFvK6GzkkjDLgfd5j38MwONq1RwuNdjM\/TaHEAgQra2pQGGcDScxUv50X9iB6umTmzqeBTl7\/NeATB9zU87GbgRz2BVONAjc\/iAh9M8XDaIwZbbvPjUaV3OtxKmxRQPPqasmUe1RAuw8sLTRN0SyaRuYceonrJ4vdg\/VC5t2Z45axwJtk63sfBUCDp892PIkhGI8sUWmLAO0EQVSv5HIMw7lOaJtJgKsBmzaaQLIiP8hJkDjHJuFuNitRTHoQ6ObXQQvBJhbf2dZAvpCPGfWHg8vCS3K0tKOB04vV9SjvvFFC443IcRqQOQKvExoHW5RnAKGjXnAAxJkdcsFtos4TY+uF1oa\/jX\/6FUILnmHP8AASkzVy\/38evNX469aDL1iGhJ8X0DyphEVXoo25cfyfmaeGrOl7AbGoppjty9QIwGqwhvg4U1iYPifIa\/uZivnqvkVBJpshL6yyuZ6u2aHLEX8b78le6+sA1d9+OQdR66DMCr3C5VPsaqSAngjGh+v+srcKwcv+\/cvxDoC4PY1RYIizmZFZyqvaGXvUBAku8TywXbYaR5Nobn4yrOVNjZqs1Sh3z3J8D7OqCG2yi8CwXJv2MzMQS6NtWAkB66qR\/QNMhE0N+rU0xhhaGi1EhuuPVdPAbvaCs6OGVFzP2kjb51uiAqKkZlNMKQheYiCXWYiWYbwJUAqdKT0Bbu5oErwSftYCv1qKxLpC2qUUhlFbq9TAI\/SceXmdwq8ycIM+CclZosxOAdpHNvKtOnx9HHR\/aAKbJE2qkmi9IlRtlNSz3rxrc0LJesj0shC9flrB1MdtKdt8s9sO2mq3xerMKZ8Uv5GOcCaJo9LWa\/hMG3MVJ4eDlM6BYxuoQGtWJo6\/0kHeSxXo2Db55HCtryRcx5bCTMxmoDVbXBzixCy7hHZu1St2BlkvwozEZm6eEzlHgq3xv4WcEAaLEJf0KmFGJ+AwBKNAHT3uardpMHljGfCXRtQB4CcQRq2fBe044tlVGwgxyaUdSGN2V5yVbez+K6RXN0U\/RMyqTGbqzapvUMBdhIsXx+orweE3\/t9bH82Kb2pzeZFu67W\/0sHv0j2D209XfBBmKsEnVpvnfoHdRK\/PkcBGIU4ZKPApflJkD6EX9zR6nEAEcs3ciIXolofC9OU6+gHXdn2lzdwmWlM+LgijhOOEj232GCFfHdfriqkuq86T1tdRtks9QHBwD7ltflVcD\/4A1EDuydqHFUP95xALdP2\/wwUkKUxETjGT5EySfpY01XUSHWfcQKR6f1rLH2yExJTG6VWEUz9Hn+GS4XZAF0ANhTF\/Jhhzjc2kajV0xElCnJPSqJ805bdwoiGjumJ2kTK4hkTyl+keoE6OkN+RO1UrFcfJkTy6w2sZGgHaKSZdJVpokFeZGBMUyZwv4\/thO++FH\/1ZhnuvSn1pNBq0XGQ="} +00547{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218591,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"UlQAWul3UlQA2EYhCABFAACOVphAAC4Geaxbj13ywKgB\/AG7x+fD3qURZ7sQclAYAIMMCQAAkTLs5DyotF2bx+ngCG4gXdgKUSvNexOGfi782LqvLHWdIhufdgogTQK6cUso\/PYhSv0yGYSLO1Gv14bD0kpYtxpGVUywRJtPWHZigJIrXsQA3bErimLkXxSBc1Os3F8LjXcSBrYe"} +00414{"flow_id":9,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":218874,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCKNAAIAGdgfAqAH8W49d8sfnAbtnuxByw96ld1AQAQCHiAAAAAAAAAAA"} +01210{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":219799,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKRAAIAGc7zAqAH8W49d8sfnAbtnuxByw96ld1AYAQAg7AAAFwMBACD\/PxVnKTJDf0u98kfy\/GwOwKrRjxW6WWVZK3+fdkEb\/xcDAQIg2paFoPNFm3AShdp\/iFzkK6e6+gmum0SmxqWOFbRoYsyAYvgK5zBB0dCRJ3wWaYnWODl\/MvTBP5g31zbkm6bZAIKetsnCCM\/12FHdJZIkZJTt3J2HXZwnAl8OCzKrbK+c3u9rXRluMyAVbp739+jeE8G9H0XZwMcpeIoOhlRhArzNkBO8W+2PEt9JrohmCpPNaiIu2eK2V+aHl6Za\/TZVuMWQDDj3\/+jONcZrFcZQvUT4QlnrJNem1GkhfMLB5Bgr+FQeNJj7\/1H8KgE3zIz67sBTF1jSyNkBv3ytT8j8EEURN02tlmnwl60JMQL4Xf2rKjoT7eg3m9zHNsFoZmQ0l56qI+RVI\/73B5EAl2nKVytryxLAVgK48XHlCWBmQvPvwpAzPSHL\/a+R3uKkcNOG0gltp95xLSGzXh2VukHaTM+vlKKgWqkaLXpP9qBJx5EdKomJZJNaCEh5B8o9fk6b53tncDZLkGDOD9P0GJ4RttmLSLNBkR4VEaDBSSFyTk1B8l\/mfdMXKvr4Su89gz6KHGVgsHfxm9HMkpvlxLqSPFZZ1HAxNKGVpw5sCwzkyNyTpKHgbwKxMfTxOpfKpMMZMJYSVczqJM03L5\/6Owj0If\/IXit8Ocli1x3roaoMsskgI2PFo+oduNIzuzPI\/\/VjFMO4nHDLqx0xUhUFvJQ7CMdYOx1u6m9DuBJBotWUzjOWKf4Ig7ALSn\/gjkotSr05ew=="} +00409{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1867,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265125,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooq5AADEGdC\/UU5v6wKgB\/AG7x+atYkapG1cHUlAQAIyb\/wAA"} +01203{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265485,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKVAAIAGvO7AqAH81FOb+sfmAbsbVwdSrWJGqVAYAQC4GwAAFwMBACDFSvr+d\/a8SxY\/MRGL7d7bbuedWRMGsboWG\/MyOHFANxcDAQIgpjhLHHmpnkUvTkzSmmX06lIrigiP6O2YGeNrjBqcUKAg0V5n04hnKawS4oV3ArwURsxbSqTy7nYCs5KiFnKnwi730wK5bay5XMFaFmjdjmKYZSW64Y0QNegmAn8DqakiaeHV87kzGgz3L9ox61bWiC7ouRVLhzhTBTst37kLzy4TNJ0GnKImOj5PufZsdM+oCGA2mvANTfeJutkC6ZMcW98j+pnuFaSHZzEegAuoGbIri50vuCfmrI2ykVCIM9NHhe9ybbly8c3tpXnB7ABcxCwT9cacO8yaW32GDXf0T2TNHRQBR8ftn3ArezELLiB+r\/QDebccDRa2eZtwv2TQLf+BNxJIfC26FMUwNp\/bjbZ2ljD5pQMxBFWet2NCvrAp+ghJEuezGbgv6C5rt8UW64fKEqFi5BkU51c8Olr31vNS6W7u39ITzaSwxhpbi68BFr3Rgd\/GyFPAVUVRnYWjC3W5C6vQVoV7Aby3obieH9X+LnXS6ZQbtgqerkwfF8KrGQotnTRdzUKW4z9tkcE0UuVe7uIeuC9HJsmkSSo3J519HAgZFVRecMir2db0k+I5GUB0IixS\/iYrCMdQWisoKFLfUljPOUI5aqKo36qAQO14+eb9abwMSo3q9Ox\/s+P\/TpXIDhzGRU3esXRnHYI+TtA6jgEY\/nm1hg0DjrFdYHYoOUETQ2zqC1kbLLgkWACGgfOjypLmJyMKImn7bnn9Kg=="} +00407{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":328617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVplAAC4GehFbj13ywKgB\/AG7x+fD3qV3Z7sSvFAQAIyFsgAA"} +01209{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":329179,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKdAAIAGc7nAqAH8W49d8sfnAbtnuxK8w96ld1AYAQCeOAAAFwMBACAz5YAEXPD9Qp6lyJHqu1BSVaHO73GRNQm8Htgf0+c9mxcDAQIggGSqd7QMnsJ4kHJMLOklbVLNgwUP\/EkZy7W3NwFozzCote80AtSk7sn6fxe8acuFRFCQKIbQM5JkKbLFJdsaVBQIS8KJ3mJqEcN17ES7yv5X7kmwtAY0Oj+Qn\/O4MiKZiIbqCXUuIXBs30w6k5i1XKkR\/YjI1yzaosB78mCP1N+MitRHHOzKJ9BIN4RckCB0ahIg+SW3srzVgs\/hUNP4hLSwA9r1bn6Wx+XHvuNF74KSSRthK+UB\/PbjZmI13OCt6kBCakhFRLo4xd1Znv2Pfbt7FqyHdLdHCBcsGD5Uvdtw8qWMKPEXLk4NoW11tQXMBdwCgl\/xGuIkXESj2qcd+a6G\/U6B0dEP6RlAAX7I5nDrY50PtBQ94gZLzKB2qfFxI3h0QACydQDa1E2U\/DYgZWjvoy4r8eOXazr+Kwq8DkGePJs8qqu1PjYknNmPq\/hHKHLKZUAJ1IBCeVI4vX+BTiiooRLb09iC6svjWG00Y\/b+8hUWDkM60gjsOfnXmKe2Gmtai4EAK1BhjnT\/RDUesrNd1VdrsxdUqjj8s3SAUTlKeqcxkD3BLawtjcU5vI\/ChZmMJyoWadYf6Jq7tFuHIfLRmpSVDM39OBv8K4ikJC\/r5Tb12+qassYZfOLPbD\/SvIb+tyWIo\/\/o3GZf3Ucp04R7Pi0FoX8Ifpgv2ENVeAXzErpm7zVYy8TvEmUz3OuTxmPK6l0aAG8fU4fQnhW+nQ=="} +00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00422{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":889737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} +00423{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":33681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} +00413{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} +00692{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34778,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"UlQA2EYhUlQAWul3CABFAAD6CLBAAIAGwY\/AqAH8JuVGNcfoAbv0twfgYNP3BVAYAQATzQAAFgMBAM0BAADJAwFSe4E45UNCHF+9nmoqAUUyRuC4BvKCHcuaRNsIL6pQWAAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFgAAAAUABIAAA93d3cuam10czJpZC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} +00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00408{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":183159,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"} +01663{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":220406,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJgXBAADQGkgAm5UY1wKgB\/AG7x+hg0\/cF9LcIslAYABCPDQAAFgMBADECAAAtAwFSe3MzJnpApPNpEflNBeQT+wMfGN8EfVfDfSCJ1CHhSgAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAICTjLv4dzbQkY4v+6c0tODTLPLUqpNj9udRk8Y5oVDxQec9DISv\/Q0OumZb9e9ll5wRwIEXxwVEOFM8Zk7VR4yvxN9ykEmlw9419WCYJtUgx5zCtQLvohpLrdz+KVdNF7f8BvF9kFE63nikb7K7Z17dZMj\/1ql3DTeHgdk9yw81yACAjddiRyq9Wcm6MZOMF0YAyjYY2sKmLvYg01bPUt\/KNhSxOpXIEHegbPMrbIHKvNT+7w8eAmj4pYQmubnfUL+Uj1iDQbNgSR2mn642+8mQSG60moMsBVPLLA9EvmzLv1gcuBhCiJcGvwEu1dlI9t0c613woXTslAdeYNWIZ8noJgsWAwEABA4AAAA="} +00962{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} +00679{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":230750,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuCLJAAIAGwZnAqAH8JuVGNcfoAbv0twiyYNP6plAYAP1iWwAAFgMBAIYQAACCAIC489sTVZq\/GrKwFJ77i9pUjo8mUMWtC+3TfOvVv3\/lZeMgGHHRgTuax8BoSKz6hvfA1XyfqMyXXhhXL\/hmqpwL9+xMKjSKeC1\/nBFQNGi1R9BX0jpaOpJQL\/tEkXCPrXGMaMRX6FbhYcsf0y1KKo8nlIUSjgfqR7Uu68BU+P0kTBQDAQABARYDAQAwR5He0W0\/mJ2cp4A+CQ7sLCv+qfOQ89lzDZTa6EzlNuKFpcImS+UZUc6RvdwtbKaR"} +00490{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384005,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjgXFAADQGlWUm5UY1wKgB\/AG7x+hg0\/qm9LcJeFAYABE5sQAAFAMBAAEBFgMBADDGp5YJU4NYfAXlehYJRQ2odQmJNNLuW3og1BToTR83Gb0PCN+omLLmSnduJdxzfxE="} +00509{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384736,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCLNAAIAGwhTAqAH8JuVGNcfoAbv0twl4YNP64VAYAPyWYgAAFwMBACD5OA5hWmwcr3qvvvlx80AhOaZ3HeL86UCzuBfLPvgmkBcDAQAg9ZKvZ3vwmeoBnpaDZ9egruCXkAuHZkA8B+2\/ifVrt+I="} +00409{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1900,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":576266,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXJAADQGlZ8m5UY1wKgB\/AG7x+hg0\/rh9LcJwlAQABFcMgAA"} +02395{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1901,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":632432,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXcgXNAADQGj+om5UY1wKgB\/AG7x+hg0\/rh9LcJwlAQABEGQgAAFwMBACBe7gq\/TNzOMzMYtA4MHQFa4afcQjMYPv5pcPemKGPjORcDAQXgjRugDdlTI3cRSI2v5m1MuvYxIDwlPGGYkuk7FQEiqBX6KUbI0M7Srhevr9vpwZZkqPgwbxZprvk2J+2KTqsP7zyy5xqV1OP\/QMLP6a9n5cw6jCpS2mSYGL6v84i0TcnekCOvcMim3+KA7fXXP1AatbRfzngQLaPE1BZ3wUWJ5ieou\/XNnC3ncYh\/5cc1RxP6VEmTlEc7GOfkiQhFxR1+0V1omFwpMVWtZNndC8B05BhtUNpjYQFFIgdqIlf+\/S6WZTEdQA2MlxuSOZtEFacEmRijp9ZpvI4wtRQ7cBdTXN3OYScaDUo\/dNBrXW0s7dy00n3yeABdU6KFl1EJ7RR4qyrzvhT20WcZTGI6D\/kUjLkI0TOaTuHfFDBTWmW+sfidCdIe2OWTN5N6\/As0H+B5RgYFIB0NJzmQNQA252n4QnXEorj70Oe4PmLPml51G0fas65Z4HscXK\/++Pz8telYanEoQ6ymzFzVRD5YGoMHO69hNx9VzvmErFHFMNKmjOB6KV0lG\/S2qxir25G8k4ZCXtXYJowNyFN51YTk3frSypVZxp3MnlIxCgSOsCjocPhi8YMv+B5MgRO0yd67NOQ\/NJ2MAzPrVLUb8vPMBTKptAh7vxPPZqyiZsxZqcKHAuLjdeA0pIceJxzAVxpfhS1LFitfDxbG9HTNhweSxN29axUtglA95Kg6jCm1FBkyWakD7rVp6uZHxd5QHm8a\/Qd6wPfSZ4T+GSZbhqzZf8KPOKMxntK+1eXJvSNwO1a9QkyYxvz8JwotjW5q1pelBOZdkIte2jwLCaZQmizOkd\/y2F0noB66WlbPVlWEuRLFC6h8cRM0HzR49Qxqx4YCCmtDlbXLJ80NstDdDN8i+K+gGad6BQoidwNQn+S19RgE02tff6iKxC5QRIG3dJu2UiNjqfZgvakcxZi0AyUb\/5VAqskZ6gUOCi+3RWMda32Si2Ot\/BxEzXHKQsc7uc9UKK5fKhX3ghXRXfCRDgfdm++lZ3HpgNnfP8DSJe8eqZOV4WE0OkUcTaiUmit28SVegKAgSpL6T3xnW21KL8Az3nk8LNdBfrQHDTIzO8WXvVoBGTOdnv+UR2pL48cgdV11E7B23Fn\/Dd4ZsIRRuHRUw3\/70rP+JjjwcrvzDaRmc0vwTv3BmnKDme+aaEFnqERsUsjggoCk\/3GjUe1zDSNdpzTC5tCT9k5MYZ+\/iTFoFlLkOb9f\/I7fgnXkicKuuqietni4FrmhMy9qrulCuzHDuh2dRchjWQjT+oRlpV5B57oJwVboYF\/irs6yKXN0X7WpiNIT8eSm\/a7+G6ArqJ6XDuJ82DdxmjKYHtx34v1oWTGMGoN6lVaLcA31WIQyGTpl5C6vFVyP5xqwBcKfUvZv6He3N+OnTLWkHMhT2eoXUhlA5QlxXYB+AN8tSnu073f4hRy1tZPrISsV8AvtFfr5ASUQyIdnKB2i9jMWxajqHHdCFBJsEtmE6r5uXvyKjtL9vBN5ct9BQR1tBPhfUJ\/8MkNN8Eahhn6uEC6medbbOzojGbThFIbk3esveZ\/N8WFbj6lUC04XKP62iRkg305JN3B09xcwQoIbDisXQwGtq60T9mRQpcxDCDUpT9vRx22T\/pK+h\/TfN0eU2SKC\/wpGP2wHsC9z00iT7EOuO9Pes7+CgC6SM+zZHBcevKMVJyruDEOKHIlvg6ee9JCeeI2sLM2HY\/4Z\/1YCn\/+mo8ATyFDn7EL0aS1HYAV1LUSgYhOnw\/O59NIlzCpnKzD7O9P+0g+X0sJufdg8VjpjuOTHPy+TDwnLvvBLdLOuOdSDPZm8vZHDGgYGZvnQViiRsCOeHXiTnmYWHGvmkXkPOgbVWEClGWAvTxhcnaYaSlwVV2iwco34aHvvzQtnls\/TpAw="} +00529{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1902,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":632647,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"UlQAWul3UlQA2EYhCABFAAB+gXRAADQGlUcm5UY1wKgB\/AG7x+hg1ACV9LcJwlAYABFBlgAAbg3TpZARg4wm+rG1P6gsIB+320pAOXPhPDqQBHv9AsE5iDtPAoLy7nBsv2qhovx\/6BMuY2APta\/rDTumORvRPJ3QzUphYOqlnO95xE7KxoyOioKj9sY="} +00415{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":639790,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCLRAAIAGwl3AqAH8JuVGNcfoAbv0twnCYNQA61AQAQBVOQAAAAAAAAAA"} +01210{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1904,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":641908,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCLVAAIAGwBLAqAH8JuVGNcfoAbv0twnCYNQA61AYAQD7VgAAFwMBACAE8ueXXocuOQmW3f69oo7FBnuxaQCkH+RVqAU6G5MImhcDAQIgC2DppkLMsppC8aEpH9CTtLj7w4NXvWEUFALM0vLzBHiMeP7tQJp6Ls0ayrXxQbJJ9TCJW55JBiCE2FyjaeBrXK4RiCGVvWaregrcxjRBFlO5uSdmFUqW8jUMYWx3Z7Guo45j3Bk8r9vUcXJ8nlTiTLxin2\/8nNoC3GfKicW4StmYsR3yZ3T+0yi1f+4\/00tlj\/G7U3WiIL9cp7TgOAv3\/JedTkWXdWFQALY1NmSodq20ysTkhpx\/FXGqBy6ebPiwBabFv7fMUSEFH129g7MlbbFCsfTgpa5a9YY4lxVvBdjS0QPWYQn\/CFAx0bUo4hB1apq5H857ok0ehiKb8Qvp7LYKw6EtahDb0urHFEuHm00w67Jy5lOI8kVtxHWOMUTALDjZJ+fF7EUhfQ\/bf+BjZpKlY3reUOR6NgIr7bbC24qZ\/19BEwltbgf\/vC7m\/MyrYZzBGJTqWDjLenP1ufpl0dQk580807ffzKuWAhenolcehfujnJPvtgS2GwRKgHQ59xeSgdZ1iH1Bu12G\/eP6itP9T+qA3FGS5bXP\/rO799odmQ4P\/nl1o9RdH4tRLcHHKcapKsGPSqr\/2asvTHNYdN5Jl0\/vtSzlS8tbyobMRv+oERJGhyzpW5+VcVKl5VSOBwzvgeuuopOtq534jNtHfF7N3t3g5YoaYuEN0Yul0VAMwhJ3GydXwrhPUzM5zJmjtyRl+HikLccclZbsdblb\/Q=="} +00408{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":785482,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXVAADQGlZwm5UY1wKgB\/AG7x+hg1ADr9LcMDFAQABJT3QAA"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822132,"pkt_ts_usec":212345,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","type":38} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822134,"pkt_ts_usec":212476,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822136,"pkt_ts_usec":212325,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -296,12 +286,9 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822152,"pkt_ts_usec":212240,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00594{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822153,"pkt_ts_usec":962104,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00593{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822153,"pkt_ts_usec":962104,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822154,"pkt_ts_usec":212265,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","type":38} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822156,"pkt_ts_usec":212208,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822158,"pkt_ts_usec":212282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -330,36 +317,33 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822182,"pkt_ts_usec":212191,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00592{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":1176,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00591{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":1176,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":212229,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822186,"pkt_ts_usec":212454,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822188,"pkt_ts_usec":212408,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","type":38} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":212084,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","type":38} -00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00422{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":886155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} -00424{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":950538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} -00414{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951036,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} -00705{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951387,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} -00408{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":21804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"} -01408{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":37108,"pkt_caplen":794,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":794,"pkt_l4_len":760,"pkt":"UlQAWul3UlQA2EYhCABFAAMM\/HxAADEGvxI+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAYAHv3EwAAFgMBADkCAAA1AwFSe3NuVwW3wewrm0Np+8gZfpw+6\/jzal\/O1PvTkdk53QDAEwAADf8BAAEAAAsABAMAAQIWAwEByAsAAcQAAcEAAb4wggG6MIIBI6ADAgECAgkAnJid7KPSoQwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAxMVd3d3LmEzdXljZGYzcm41bWQuY29tMB4XDTEzMTEwMjAwMDAwMFoXDTE0MDIxNzAwMDAwMFowHjEcMBoGA1UEAxMTd3d3Lmw3eHZ5c2ZudmtiLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0E2BOtnhLWOrZ8fxoxHjGhRWK1of38SpSBNg5b\/k4kfDQHGdL4hq3fcEtr78BJMr4Zf+dYRrf\/i8rLos33njMgo8oJqA1j9vg7wEx0spYhdfQskm1dLeQGZDN8DvyEqgknxhybcPAzyUGQZRPqosoPpI5OTClxfRzUMzk7OKJS8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAm4jj3CZ6E1Ur8DviH98154vz0x1VeY822f6PAgvXyJtEympFvro6oRz0e84wk+8Qk0u0CdxDSjoRRjMK6lpFUg\/ercM64yiXv3o0lSyuqYxq\/SsO88j6J4ug5YwlK8Ehm1An0BaEAIegLyliXKN+BU5QRzDZbd+6KUfKBngbsihYDAQDLDAAAxwMAF0EEovB5\/SW2DTHDDu+OYi9steUmfdbRCgSfNJGR4sNXRhl4hDgZfzXk2twIBJG8Grnw6YRIQGWT5IV1zZmnjnqbwgCAJ5r93gRCIdpZBfFMdDkPE2+t\/hq3eVxsiAp1+p8jigUZ61y99H5SXlIgzrbD14E0t9D2JNq7y+mW7anG7udz8ud8\/ae4433FISa8H+fPWATMTLX2XMO5nykP2OL2RzB12Z2Luv3SScQUiuIYkRAZLPfzndYQO4drRpTnAK0HOmMWAwEABA4AAAA="} -00969{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} -00591{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":41090,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCO5AAIAGZf\/AqAH8PtKJ5sfxAbspsD25r4YwTFAYAP0z3gAAFgMBAEYQAABCQQRyKTQEXNEYBPZV3\/zEfTQkWpNPJBiGRL97y9vdutfsluomI+BM\/wATV9EXLZXU4z9ZBfdBaPDrleVfhRSEO4dsFAMBAAEBFgMBADDeTPLuhZGymstjqXonoYXbszTd6MvHlO4reIE7DIAVoLx2Ew2CndrSlYijv1enZdc="} -00492{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":163678,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABj\/H1AADEGwbo+0onmwKgB\/AG7x\/GvhjBMKbA+P1AYAIMjzwAAFAMBAAEBFgMBADAMkj8NEfgHVt41gvVoGZmSjJhPRcEYixw81Fk5SSn\/jCrlEY8yRundvc02RY4WwzM="} -00509{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":164491,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCO9AAIAGZjrAqAH8PtKJ5sfxAbspsD4\/r4Ywh1AYAP2+LAAAFwMBACBL1ibhXCdYHNj2E4PTgng+oqeH24GkH8CHyZvt8J3ixBcDAQAgEkRPKK9bVsaEt1jzbATo6gi5Jrhe3QmS4lNa9Qi2Z+w="} -02389{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":261926,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXc\/H5AADEGvEA+0onmwKgB\/AG7x\/GvhjCHKbA+iVAQAIOHNwAAFwMBACAkBlPlDToh5NjQPtxYQe526GbVe90miqswtvBnvkBl9hcDAQXQ6tpRF3oZJal\/nVYbzucrBK2D7YXJC\/IIzQrki5GM\/\/kgKSRW48AywhBBMqPsX3k6JxIOaQfPIgRxcHMY6lsMMXMDgGcNEd6JuRAh+PaYQ3ZOzsdIsyCph1md4B9nTGo\/uu9qSN\/TvjBfdIVs4IovVqI0c5KRsu9IAKHsAC3x7xBz0BeIiO5I73VmbQTICUtGfRcHmn8bjCsNkSKTIxG56LCX4M2DoY7VNECLoxMBwaxIY9CqTbEnOpt9XYowMWFzTDEwdKDzDk1mFL8HsSfGJmFwszJ\/3cbzwiPVlbA+rQncmR2c0uqQbmpZFNPe7gupogdPAHQoIA1eiY0RoBrjGkZSEY2qZYBJFDLrY+9QrsLielG3G7MgXnmzvf9MncfqxIaDup\/7\/ryBeGkvRNidXNoRqJu2qJCSFZFClvVWT3AxnqMlVwJMGjVjsSG2BfarxWfiv1Lcd1nzguGjIP2rhh3yglY4zoAkeT3TlmXChbBl5kagptSlhr8wnmiTikcWgd0vSNs1xd246wGyMY6NRIQZU5+uUghbVH\/HHHrGa+9cPNjzM6zp1KY+rTcix9p+wUNygvVhFPCP+hkUyiSz9THkjBPh8GDbFMtEsqqYXPzQowaN938E347BuV7Y0RXAZkrFJqIuWYJLxUAFXL6DIEKhZ\/ZGFDv41qtdux1ERpzXgZH2xl+gkLJtQE7ZkK8XFAXmseGXDY092a3QpmeSPwxduT7L7\/xWtRtu5GwBc6xpGpngD\/jswhQuDiaCDTLu7z39GYBpaak40bS4KaBgl94uyksOQ2ew6ELguoL5OMJ7MeikdGbMIxEGc7Kcwo5sLfSGWtZj0mX2TfGSmNuS48dDJn0z6PE4MCgIUfe7zTb4+4mO4zHfDPeJazl1VHf\/Cc4HbUFkg64GdlHtU9ejW\/+nIFHDrJrR7FKq5060F5UHx51Vw1bFl1j3pJ15Ga+nrgKMoTsmwswB567CXfXwcdI+rnwnf0IbFMFzoWxYDQTM+VbQEt23ROGqssAzcLIKpwZ8bvepPLFS7h2LJsiOYhl7pLrUsoDBFmL7TAueeugXhe6qUi+hDNWV6hrCUYFxPagO\/XUJjPQpY6gavOgpEavDMn0Cl9oYff1pqXy85FT269EupXBlllB7zowwPcwtcwUAlYUS6ApxUDwceKb3PyweKnMsCvJxh\/lEjKLiBzk4V35dtf8DO+8KGNsH9We7IVtTv1LxzUZbGctbkpLWMrS8rFyS0MUTOOHJ67Shq8vc4CFHo0uB1zbwTllcxYF2u+E1fskznQuX0mo2Sli53Wv3oggLVMzMBMXQhG\/0\/712yp6JL9A6hXgqsjEMLnM9HAgzDkLa0PCYN1Pyx3tCNQB+2LbuRQqG7BrVWCKHeRyeysBpja4JzG5ey8QDflv8PGWViVgg5nIziygVhS9KlJgKI9s7ADkkpU89injRnv4YIpbdqL2pC933M\/8K9KOZGiZhcQMHimt4cOaohsItUf5K802UhQ1b4ToB81jJWwXeokQVXfPRt9rIyXqy\/sxZMdc0+EK6OsPhBLHlH9PI27uIEdnGl6\/ho5exj5FjDJRHY3QMoVh9FCee7nGm4FljuHNMkU4+Rv4NUAFvAHhIwHpMVz0sovf7KzChhmoxXw2umMi3Ft7BCOExD3cHLW9DmDbQe7KEUEdkcqE7QNbdPyDdLA5aYteM3\/voDeM02tQQajhnu\/5sTxN2yJr93su\/Zg7VKh8ZfOy+KfawpIqjnPn9BrWTFddcTiLCKje3xQRbX3ze9nVeWT0QL4Z2ov4Ch9nQgOZrHQZJQOrov81asBvtr7VyonepTHVcCdHTi6eA03x72UqxNTLorPY0dvtS8whMhVVOcv6YwlYmR3TKrYYMxdBnEdGmE0A="} -00509{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":262066,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"UlQAWul3UlQA2EYhCABFAABu\/H9AADEGwa0+0onmwKgB\/AG7x\/GvhjY7KbA+iVAYAIP1\/wAAojeYv9WBh72O2RNpegkav3tigk0Kff0bc8dEvqjX7o6Us2kktDlSuMUONO4oliUxutOvDaKijvkhNxjfkueIsfxqviD5QA=="} -00415{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":263364,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCPBAAIAGZoPAqAH8PtKJ5sfxAbspsD6Jr4Y2gVAQAQALigAAAAAAAAAA"} -01209{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":265080,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCPFAAIAGZDjAqAH8PtKJ5sfxAbspsD6Jr4Y2gVAYAQA6NgAAFwMBACBWoECUm11WtJl6mj1J2h9mnwGLYqglfOMUGXPVsm5AFRcDAQIgsbqaxnApccXkkOJmHLUd6mIhvav7crtZzRw5lgXrYStYtrU4aSs94A4L7Jr0KGBXnOth2eeI2eAeXEJPhKpb\/hW4srouMFAYhROgffcmaLU5hs+gl\/Og6\/CBa0Nr4yvBlAvIYWghCvyevyK\/dW5EoOk+Ihsjxd\/JDIJ6cNIZ2yXWqjQ1b6WAjNxZ\/ZzpifmfFskVyEoFtVa8K4pNy7Smjh\/ulJyLDukD9TJ8BGB6RfZy2uI7P4lYR2wPtKaj8y+DHVdZRcLjr\/3iFg9c7LBbEH0OlsIQJyl1OPs2KLXsLlKEcFtS1Rqp2iiY+i\/C8x6fXx+VXo1sTFdalQ38MUbzKggMNBEsxpBPbz13iexFblE8Cog+BzBAIaJVNPzXi7iSV9\/mcFpBFrZBzaudfzNP8IcMHuD5uPo2cvhJmhAVsaltQ+wiVrI5vy7aanv0f0l5tx99tBwI69ovSJMNSrtGpc7BoZ6sietyZoIajr3Q4WTqwnFq\/KrpghcodRzAfKU83ZCGbLcsGVHZh57nr42poIrTDSKRGGFtNMLOMpHIc6WUBanPBLJKrL2\/4v\/e8h9N3IAdFxoJ40X7+Iuwy5tMu+bQnO2R6cMflBiBxzfjFcQCrfXCHnl79eQBnDfw0\/M6Y4MjSeaIhv6E5qBr56HvAQaN62CyWuYUDx4K7yIyXqkJNUOgnnw4ExLZDyz1jrK7OSqBU9\/Blup3IZYO1zOgXw=="} -00410{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":358975,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/IBAADEGwfI+0onmwKgB\/AG7x\/GvhjaBKbBA01AQAIwJtAAA"} -01208{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2086,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":359461,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCPJAAIAGZDfAqAH8PtKJ5sfxAbspsEDTr4Y2gVAYAQARWwAAFwMBACAuvjLwx5Ij+UiLubXh24xjovbhHshGFWxLeDm0Yn\/KsxcDAQIg4GvrKssdBI6vk16PFTL1ZQoyHDdsLMK87\/Ckbc\/nBbwIBkGCazdevjsqp6O1G0BA8yHKQpnjvgZTWsLCk6QsUMZp4UEWHBLuexU0lZtwTVqBpMK+fW6BOoCAtTr3ECobkL48HhiQINfsvquZMF\/R9gTOctgGhvQoGR\/zSYk3S9An7he82PaHez\/ZL0rv7z8u\/NYrlsnKo4BvgvaB4kulUKF\/iZDy08QpfgxFh3noi0\/EOHwmzUi\/kziJdGz6VYzExgpm8lI59GODUlNXByTSzfNxZV+KDT1Bzi8jLytsSdsNH1PE+FZMwodMLQdpkNfa1RGj9HFQojtb0SDnZfYy63iwUz2sl3WKpa3p0Dg82FDWvqF5znbcCu9CNrLuFjkOBouKPYofcoNc+ShlqMEP8zL0hYeRgPWOjtEF5JFGJwvsqK0RINh9opmX+CTewaSls4yYjP8XAJjEJnpbgKWbMomo9InR\/sYdKkYQ9vSBd84peWT1i7pz6rxZz3oKfYXNB5xk9meqL76dC765FgmHEafXckoiK7bPU06dFkQtnA30wg4Ty7XiVwo3D54gy0K0\/CFXRNsLB6HhaMlf4Q3\/WOXZVGruBa+r7yodynU78lhkoWtJU7yRny6nFEFcedD3ZfIBbXggMeFoiYbazzJTNjXC0cOkTY1HGlFJgpUhB8EGB6IoQ9bge4u88fLohba3crZLpWcFQK5eFkf3LQ\/pNg=="} +00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":886155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} +00424{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":950538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} +00414{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951036,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} +00705{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951387,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} +00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00408{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":21804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"} +01408{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":37108,"pkt_caplen":794,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":794,"pkt_l4_len":760,"pkt":"UlQAWul3UlQA2EYhCABFAAMM\/HxAADEGvxI+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAYAHv3EwAAFgMBADkCAAA1AwFSe3NuVwW3wewrm0Np+8gZfpw+6\/jzal\/O1PvTkdk53QDAEwAADf8BAAEAAAsABAMAAQIWAwEByAsAAcQAAcEAAb4wggG6MIIBI6ADAgECAgkAnJid7KPSoQwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAxMVd3d3LmEzdXljZGYzcm41bWQuY29tMB4XDTEzMTEwMjAwMDAwMFoXDTE0MDIxNzAwMDAwMFowHjEcMBoGA1UEAxMTd3d3Lmw3eHZ5c2ZudmtiLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0E2BOtnhLWOrZ8fxoxHjGhRWK1of38SpSBNg5b\/k4kfDQHGdL4hq3fcEtr78BJMr4Zf+dYRrf\/i8rLos33njMgo8oJqA1j9vg7wEx0spYhdfQskm1dLeQGZDN8DvyEqgknxhybcPAzyUGQZRPqosoPpI5OTClxfRzUMzk7OKJS8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAm4jj3CZ6E1Ur8DviH98154vz0x1VeY822f6PAgvXyJtEympFvro6oRz0e84wk+8Qk0u0CdxDSjoRRjMK6lpFUg\/ercM64yiXv3o0lSyuqYxq\/SsO88j6J4ug5YwlK8Ehm1An0BaEAIegLyliXKN+BU5QRzDZbd+6KUfKBngbsihYDAQDLDAAAxwMAF0EEovB5\/SW2DTHDDu+OYi9steUmfdbRCgSfNJGR4sNXRhl4hDgZfzXk2twIBJG8Grnw6YRIQGWT5IV1zZmnjnqbwgCAJ5r93gRCIdpZBfFMdDkPE2+t\/hq3eVxsiAp1+p8jigUZ61y99H5SXlIgzrbD14E0t9D2JNq7y+mW7anG7udz8ud8\/ae4433FISa8H+fPWATMTLX2XMO5nykP2OL2RzB12Z2Luv3SScQUiuIYkRAZLPfzndYQO4drRpTnAK0HOmMWAwEABA4AAAA="} +00969{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (older than 1.2)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} +00591{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":41090,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCO5AAIAGZf\/AqAH8PtKJ5sfxAbspsD25r4YwTFAYAP0z3gAAFgMBAEYQAABCQQRyKTQEXNEYBPZV3\/zEfTQkWpNPJBiGRL97y9vdutfsluomI+BM\/wATV9EXLZXU4z9ZBfdBaPDrleVfhRSEO4dsFAMBAAEBFgMBADDeTPLuhZGymstjqXonoYXbszTd6MvHlO4reIE7DIAVoLx2Ew2CndrSlYijv1enZdc="} +00492{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":163678,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABj\/H1AADEGwbo+0onmwKgB\/AG7x\/GvhjBMKbA+P1AYAIMjzwAAFAMBAAEBFgMBADAMkj8NEfgHVt41gvVoGZmSjJhPRcEYixw81Fk5SSn\/jCrlEY8yRundvc02RY4WwzM="} +00509{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":164491,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCO9AAIAGZjrAqAH8PtKJ5sfxAbspsD4\/r4Ywh1AYAP2+LAAAFwMBACBL1ibhXCdYHNj2E4PTgng+oqeH24GkH8CHyZvt8J3ixBcDAQAgEkRPKK9bVsaEt1jzbATo6gi5Jrhe3QmS4lNa9Qi2Z+w="} +02389{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":261926,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"UlQAWul3UlQA2EYhCABFAAXc\/H5AADEGvEA+0onmwKgB\/AG7x\/GvhjCHKbA+iVAQAIOHNwAAFwMBACAkBlPlDToh5NjQPtxYQe526GbVe90miqswtvBnvkBl9hcDAQXQ6tpRF3oZJal\/nVYbzucrBK2D7YXJC\/IIzQrki5GM\/\/kgKSRW48AywhBBMqPsX3k6JxIOaQfPIgRxcHMY6lsMMXMDgGcNEd6JuRAh+PaYQ3ZOzsdIsyCph1md4B9nTGo\/uu9qSN\/TvjBfdIVs4IovVqI0c5KRsu9IAKHsAC3x7xBz0BeIiO5I73VmbQTICUtGfRcHmn8bjCsNkSKTIxG56LCX4M2DoY7VNECLoxMBwaxIY9CqTbEnOpt9XYowMWFzTDEwdKDzDk1mFL8HsSfGJmFwszJ\/3cbzwiPVlbA+rQncmR2c0uqQbmpZFNPe7gupogdPAHQoIA1eiY0RoBrjGkZSEY2qZYBJFDLrY+9QrsLielG3G7MgXnmzvf9MncfqxIaDup\/7\/ryBeGkvRNidXNoRqJu2qJCSFZFClvVWT3AxnqMlVwJMGjVjsSG2BfarxWfiv1Lcd1nzguGjIP2rhh3yglY4zoAkeT3TlmXChbBl5kagptSlhr8wnmiTikcWgd0vSNs1xd246wGyMY6NRIQZU5+uUghbVH\/HHHrGa+9cPNjzM6zp1KY+rTcix9p+wUNygvVhFPCP+hkUyiSz9THkjBPh8GDbFMtEsqqYXPzQowaN938E347BuV7Y0RXAZkrFJqIuWYJLxUAFXL6DIEKhZ\/ZGFDv41qtdux1ERpzXgZH2xl+gkLJtQE7ZkK8XFAXmseGXDY092a3QpmeSPwxduT7L7\/xWtRtu5GwBc6xpGpngD\/jswhQuDiaCDTLu7z39GYBpaak40bS4KaBgl94uyksOQ2ew6ELguoL5OMJ7MeikdGbMIxEGc7Kcwo5sLfSGWtZj0mX2TfGSmNuS48dDJn0z6PE4MCgIUfe7zTb4+4mO4zHfDPeJazl1VHf\/Cc4HbUFkg64GdlHtU9ejW\/+nIFHDrJrR7FKq5060F5UHx51Vw1bFl1j3pJ15Ga+nrgKMoTsmwswB567CXfXwcdI+rnwnf0IbFMFzoWxYDQTM+VbQEt23ROGqssAzcLIKpwZ8bvepPLFS7h2LJsiOYhl7pLrUsoDBFmL7TAueeugXhe6qUi+hDNWV6hrCUYFxPagO\/XUJjPQpY6gavOgpEavDMn0Cl9oYff1pqXy85FT269EupXBlllB7zowwPcwtcwUAlYUS6ApxUDwceKb3PyweKnMsCvJxh\/lEjKLiBzk4V35dtf8DO+8KGNsH9We7IVtTv1LxzUZbGctbkpLWMrS8rFyS0MUTOOHJ67Shq8vc4CFHo0uB1zbwTllcxYF2u+E1fskznQuX0mo2Sli53Wv3oggLVMzMBMXQhG\/0\/712yp6JL9A6hXgqsjEMLnM9HAgzDkLa0PCYN1Pyx3tCNQB+2LbuRQqG7BrVWCKHeRyeysBpja4JzG5ey8QDflv8PGWViVgg5nIziygVhS9KlJgKI9s7ADkkpU89injRnv4YIpbdqL2pC933M\/8K9KOZGiZhcQMHimt4cOaohsItUf5K802UhQ1b4ToB81jJWwXeokQVXfPRt9rIyXqy\/sxZMdc0+EK6OsPhBLHlH9PI27uIEdnGl6\/ho5exj5FjDJRHY3QMoVh9FCee7nGm4FljuHNMkU4+Rv4NUAFvAHhIwHpMVz0sovf7KzChhmoxXw2umMi3Ft7BCOExD3cHLW9DmDbQe7KEUEdkcqE7QNbdPyDdLA5aYteM3\/voDeM02tQQajhnu\/5sTxN2yJr93su\/Zg7VKh8ZfOy+KfawpIqjnPn9BrWTFddcTiLCKje3xQRbX3ze9nVeWT0QL4Z2ov4Ch9nQgOZrHQZJQOrov81asBvtr7VyonepTHVcCdHTi6eA03x72UqxNTLorPY0dvtS8whMhVVOcv6YwlYmR3TKrYYMxdBnEdGmE0A="} +00509{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":262066,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"UlQAWul3UlQA2EYhCABFAABu\/H9AADEGwa0+0onmwKgB\/AG7x\/GvhjY7KbA+iVAYAIP1\/wAAojeYv9WBh72O2RNpegkav3tigk0Kff0bc8dEvqjX7o6Us2kktDlSuMUONO4oliUxutOvDaKijvkhNxjfkueIsfxqviD5QA=="} +00415{"flow_id":11,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":263364,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCPBAAIAGZoPAqAH8PtKJ5sfxAbspsD6Jr4Y2gVAQAQALigAAAAAAAAAA"} +01209{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":265080,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCPFAAIAGZDjAqAH8PtKJ5sfxAbspsD6Jr4Y2gVAYAQA6NgAAFwMBACBWoECUm11WtJl6mj1J2h9mnwGLYqglfOMUGXPVsm5AFRcDAQIgsbqaxnApccXkkOJmHLUd6mIhvav7crtZzRw5lgXrYStYtrU4aSs94A4L7Jr0KGBXnOth2eeI2eAeXEJPhKpb\/hW4srouMFAYhROgffcmaLU5hs+gl\/Og6\/CBa0Nr4yvBlAvIYWghCvyevyK\/dW5EoOk+Ihsjxd\/JDIJ6cNIZ2yXWqjQ1b6WAjNxZ\/ZzpifmfFskVyEoFtVa8K4pNy7Smjh\/ulJyLDukD9TJ8BGB6RfZy2uI7P4lYR2wPtKaj8y+DHVdZRcLjr\/3iFg9c7LBbEH0OlsIQJyl1OPs2KLXsLlKEcFtS1Rqp2iiY+i\/C8x6fXx+VXo1sTFdalQ38MUbzKggMNBEsxpBPbz13iexFblE8Cog+BzBAIaJVNPzXi7iSV9\/mcFpBFrZBzaudfzNP8IcMHuD5uPo2cvhJmhAVsaltQ+wiVrI5vy7aanv0f0l5tx99tBwI69ovSJMNSrtGpc7BoZ6sietyZoIajr3Q4WTqwnFq\/KrpghcodRzAfKU83ZCGbLcsGVHZh57nr42poIrTDSKRGGFtNMLOMpHIc6WUBanPBLJKrL2\/4v\/e8h9N3IAdFxoJ40X7+Iuwy5tMu+bQnO2R6cMflBiBxzfjFcQCrfXCHnl79eQBnDfw0\/M6Y4MjSeaIhv6E5qBr56HvAQaN62CyWuYUDx4K7yIyXqkJNUOgnnw4ExLZDyz1jrK7OSqBU9\/Blup3IZYO1zOgXw=="} +00410{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":358975,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/IBAADEGwfI+0onmwKgB\/AG7x\/GvhjaBKbBA01AQAIwJtAAA"} +01208{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2086,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":359461,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCPJAAIAGZDfAqAH8PtKJ5sfxAbspsEDTr4Y2gVAYAQARWwAAFwMBACAuvjLwx5Ij+UiLubXh24xjovbhHshGFWxLeDm0Yn\/KsxcDAQIg4GvrKssdBI6vk16PFTL1ZQoyHDdsLMK87\/Ckbc\/nBbwIBkGCazdevjsqp6O1G0BA8yHKQpnjvgZTWsLCk6QsUMZp4UEWHBLuexU0lZtwTVqBpMK+fW6BOoCAtTr3ECobkL48HhiQINfsvquZMF\/R9gTOctgGhvQoGR\/zSYk3S9An7he82PaHez\/ZL0rv7z8u\/NYrlsnKo4BvgvaB4kulUKF\/iZDy08QpfgxFh3noi0\/EOHwmzUi\/kziJdGz6VYzExgpm8lI59GODUlNXByTSzfNxZV+KDT1Bzi8jLytsSdsNH1PE+FZMwodMLQdpkNfa1RGj9HFQojtb0SDnZfYy63iwUz2sl3WKpa3p0Dg82FDWvqF5znbcCu9CNrLuFjkOBouKPYofcoNc+ShlqMEP8zL0hYeRgPWOjtEF5JFGJwvsqK0RINh9opmX+CTewaSls4yYjP8XAJjEJnpbgKWbMomo9InR\/sYdKkYQ9vSBd84peWT1i7pz6rxZz3oKfYXNB5xk9meqL76dC765FgmHEafXckoiK7bPU06dFkQtnA30wg4Ty7XiVwo3D54gy0K0\/CFXRNsLB6HhaMlf4Q3\/WOXZVGruBa+r7yodynU78lhkoWtJU7yRny6nFEFcedD3ZfIBbXggMeFoiYbazzJTNjXC0cOkTY1HGlFJgpUhB8EGB6IoQ9bge4u88fLohba3crZLpWcFQK5eFkf3LQ\/pNg=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822192,"pkt_ts_usec":212065,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822194,"pkt_ts_usec":212377,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -382,28 +366,25 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822212,"pkt_ts_usec":212113,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00593{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":39100,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00592{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":39100,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":212221,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822216,"pkt_ts_usec":212093,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","type":38} -00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00542{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822217,"pkt_ts_usec":531372,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} +00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00542{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822217,"pkt_ts_usec":531372,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} +00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":212163,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","type":38} -00542{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":758583,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} +00542{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":758583,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":212053,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","type":38} -00542{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":774203,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2870,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00542{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":774203,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822222,"pkt_ts_usec":212047,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822224,"pkt_ts_usec":212144,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","type":38} -00542{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822224,"pkt_ts_usec":935668,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} +00542{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822224,"pkt_ts_usec":935668,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822226,"pkt_ts_usec":212245,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822228,"pkt_ts_usec":212061,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -412,7 +393,7 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822232,"pkt_ts_usec":211971,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","type":38} -00542{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822232,"pkt_ts_usec":938483,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} +00542{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822232,"pkt_ts_usec":938483,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822234,"pkt_ts_usec":211967,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822236,"pkt_ts_usec":212113,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -423,19 +404,16 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822242,"pkt_ts_usec":212027,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00593{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":96142,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00592{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":96142,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":212056,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822246,"pkt_ts_usec":212005,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822248,"pkt_ts_usec":212313,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","type":38} -00542{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3714,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822248,"pkt_ts_usec":944702,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhAAMBZjPcAAgAAgyAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} +00542{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3714,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822248,"pkt_ts_usec":944702,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhAAMBZjPcAAgAAgyAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822250,"pkt_ts_usec":211939,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","type":38} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822252,"pkt_ts_usec":211970,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822254,"pkt_ts_usec":212017,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} @@ -458,30 +436,28 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822272,"pkt_ts_usec":211953,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","type":38} -00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00594{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":144364,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00593{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":144364,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":212080,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822276,"pkt_ts_usec":211998,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","type":38} -00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1383822123915,"flow_last_seen":1383822274144,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":864,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test"} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3859/3694 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 2886102 bytes -~~ total detected protocols..: 19 -~~ total active/idle flows...: 20/20 +~~ total detected protocols..: 11 +~~ total active/idle flows...: 12/12 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 2080305 bytes -~~ total memory freed........: 2080305 bytes -~~ total allocations/frees...: 39110/39110 +~~ total memory allocated....: 2067505 bytes +~~ total memory freed........: 2067505 bytes +~~ total allocations/frees...: 39086/39086 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 130 chars ~~ json string max len.......: 2400 chars |