author | Toni Uhlig <matzeton@googlemail.com> | 2021-05-20 14:55:05 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-05-20 14:55:05 +0200 |
commit | 9a1c2d0ea731724edfaca97195c87569e4321681 (patch) | |
tree | d1371082f38a429a2c491ef918ed2a963936bc9a /test/results/tor.pcap.out | |
parent | db39772aa7b10ee6fb9e21db8f44c0f5fca7a1d2 (diff) |
Reworked layer 4 flow length naming/calculation.
* nDPIsrvd services usually do not care about layer4 data length,
payload length is far more essential for further processing
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/tor.pcap.out')
-rw-r--r-- | test/results/tor.pcap.out | 134 |
1 files changed, 67 insertions, 67 deletions
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index c671150cb..e41c0e3b3 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out 
@@ -5,15 +5,15 @@ 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","type":38} 00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821664,"pkt_ts_usec":212868,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","type":38} -00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
00419{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":420161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491486,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} 00700{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":498155,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"UlQA2EYhUlQAWul3CABFAAD\/A2BAAIAGenPAqAH8W49d8semAbvp\/8nT+Fm4\/VAYAQAYUgAAFgMBANIBAADOAwFSe39m5Uhx5LWaEhy\/VSH7GBPue0xnQwvtdptmyyiBdQAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAF0AAAAZABcAABR3d3cuY3Q3Y3RyZ2I2Y3I3LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} 
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00404{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":595471,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAovfFAAC4GErlbj13ywKgB\/AG7x6b4Wbj96f\/KqlAQAHsD0AAA"} 
01416{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":606254,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUvfJAAC4GD8xbj13ywKgB\/AG7x6b4Wbj96f\/KqlAYAHsRmwAAFgMBADkCAAA1AwFSe3FhblJ+qnc\/Xzrv\/Y8DDcBFhBvTPyDsEKscsd0kcQDAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSvlfSdTowV7IWy1hEB2lrCnfDzGtBqT\/O8oAtmrv2JLdqdXF9TVeFWadHWqnWPGu6R+q42bK4+xjL04xQfF3pJAIC\/xQ6mh+tNVoGiUr0NNcGTl\/oiliWHeVQ\/Ju\/zL08UfHENRqFwbSMKVqwe1ATJEGwjD2o4uXXxFa7TuOOqF2A7NSc1tB1EOMyaSxSj2ErpMMeriZLtJkC2ATIqhThSiA2Zyhk6VZhBmt03QbLE5z3Buy1faaJlcTBsDXGPf+lHOxYDAQAEDgAAAA=="} -00951{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_tot_l4_data_len":1107,"flow_min_l4_data_len":20,"flow_max_l4_data_len":768,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} +00961{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00589{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":610798,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuA2FAAIAGesPAqAH8W49d8semAbvp\/8qq+Fm76VAYAP0DsgAAFgMBAEYQAABCQQQBz\/iRhshChnDAfb40Y8MWCXprjP8lZG1DtE+U+j6BWPrq+5OFeCsW2pZ7Suy0BvJsDRr0urFqDxcFndXejXYEFAMBAAEBFgMBADB1hh6st8IRTt9zFzeTFecieoX\/gRdWKeoIyOPbMfbM9ZtQFSMUifno+9FawQ2f0SI="} 
00487{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":694821,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjvfNAAC4GEnxbj13ywKgB\/AG7x6b4Wbvp6f\/LMFAYAIOUGAAAFAMBAAEBFgMBADBVGONY7qr+VSoL0tusO+zWBvMzRndz3BHOEZVHB+8buEuy3EGlBEJ4IOcNmaSoQEo="} 00508{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":695404,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA2JAAIAGev7AqAH8W49d8semAbvp\/8sw+Fm8JFAYAP1YCwAAFwMBACB0ZHngnVul9\/NrqvzHaXwgcwIQhnFnY8TbxAF8aR5I8hcDAQAgrt1BCg17CnWnOF9fCAs5b\/AwpXaxSWcaCu6nHvL7OA4="} 
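Review bot: The regenerated `detection-update` records still emit the key `issuerDN` twice inside the `tls` object: the added `00961` line in this hunk, and likewise the added `01045` and `01042` lines in the next two hunks. Most JSON parsers keep only the last duplicate, so a consumer silently loses the real issuer and reads what is presumably the subject DN as the issuer, which undermines any certificate-based matching built on this output. The second key should probably be `subjectDN`, i.e. `"issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net"`. The fix belongs in the serializer, which is not shown on this page, and the five-digit length prefix of each affected record would need regenerating with it.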
@@ -25,15 +25,15 @@ 01208{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":877534,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA2VAAIAGePvAqAH8W49d8semAbvp\/83E+FnCPlAYAQCWHAAAFwMBACBIdsG\/zOXG\/XztpJ8eFepnZhEXQSSgOOQTcWqQ9+Lx5RcDAQIg68Keur3cYqAVMp4H9MAwBHczaDXxrJyCRIcH8VQ2ys9UgruN16hGu3fmB9dMFBX17YHcxjnf9bkvZ5A+RhhNicA7w+vJ2Ns0QrTXkW5SgRWCVRvJhjWw4mb7fMmSgCsMsTul8R6MZbcOMTGg\/YTBVFikQb3GWC+0IB29jRW6YQDkfmINVrldJvRH6sL3\/dejMT3SKkZPcB5Fo2gOldl60pRT9KT95zyd4\/hxFlF6pB1Ax2uRSXOpfgJNaIpWWlP6OPbAVyZJEYFvHsIF7bPRcB9CJlCy2iBlJba+1e89qHcfFu5tLGbxl+3UyI\/Jh2oyc3e9rZvi1L99EMzYdTkkXss9d\/X3UJIgG85A\/wJNaJO4FLEfbddJ\/eyzitzquPQVt9k1\/V6UUJkVdZ20Qp0mpLiBJV+cbq\/Itkeh6TKJS2ha8XVBado8qntl6NIf1ASx7L+2T9gJ07KqYOQqLmNvrpdhUaZV3r0bF0KfhsxqcFz15doyFlP\/lX+Bc01wQhZyOA\/\/krtSsiVkCfRoVfZBIPR2IMa5ntyOfRRaqtvGZ9MdJMQo0FzAt27vxx2nAJSuXxhiBPP7ScJYdTbWORIFEE2KU9GVIf\/oDl1Xu0uk3H0je2K74L5Xv5S0Uwz54Me47i8w5SjiqyXqQtqCc3xM79wE8eqcS14Q+HIe2vFtw1jum5z5\/XGlcFyJBHkjgA8o8YEO9V+Tn8TP0u0HUp5fMg=="} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":212873,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","type":38} 
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":407384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":480751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 
00411{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":481792,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} 00706{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":482149,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"UlQA2EYhUlQAWul3CABFAAEGA2pAAIAG0YnAqAH8Ljs0H8enAbvpjJYZMTT2fVAYAQDoYgAAFgMBANkBAADVAwFSe39nmuU3sweaQVD0jHq0Cq72Q\/dbDCXKTgOCZqGRcwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGQAAAAgAB4AABt3d3cuZTZyNXA1N2tiYWZ3cnhqM3Bsei5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -00823{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":20,"flow_max_l4_data_len":242,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00404{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":554821,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoI35AACwGBlQuOzQfwKgB\/AG7x6cxNPZ96YyW91AQAB4ZHwAA"} 
01418{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":558024,"pkt_caplen":803,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":803,"pkt_l4_len":769,"pkt":"UlQAWul3UlQA2EYhCABFAAMVI39AACwGA2YuOzQfwKgB\/AG7x6cxNPZ96YyW91AYAB45HQAAFgMBADkCAAA1AwFSe3GQvlkjsNvaqzz1Jg8ocO0ckhO5WNgjw2W3RHOCfQDAEwAADf8BAAEAAAsABAMAAQIWAwEB0QsAAc0AAcoAAccwggHDMIIBLKADAgECAgkAyJuPbVBYWYkwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAxMZd3d3LmdtdnV5Nm10amJ4ZXZ3bzN3LmNvbTAeFw0xMzA2MDcwMDAwMDBaFw0xNDAyMDcwMDAwMDBaMCMxITAfBgNVBAMTGHd3dy5icGNhdTViM2hhaWY1ZWxzLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtCoMNoMB\/bPWkwxZa12ExSs9Zb210E0A0rPDg\/7EzQuI8FPhS\/b9Slh2Zmvd0oyi6lLKja47rCq7aGurj20gIvMTF3alteVEWgxcVTpzPdHCTWiWEM3BqrqpAB9leOgfzVv1dV3nD\/giRvObx58gFxwD3JELm7e2NCKMmsXzs8kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBAvjgQRO82hCrJcL+59OA\/RWLlWFm\/P21ukV0xsN07DzGhwE9bjq3ra0wFqNHW3zZIWYSNX98ynuB8ouYxXYrz849\/jFhxPLbJX3GKAh4pjUc+K8VCKG22ffnB9DKVxVvH3rTXnFEX4Wc57zOJjmoHoLAegzPRCVD3MAhPM+avehYDAQDLDAAAxwMAF0EEh\/lTj1UNAgjsYqR\/yEmabZJVS5dmXeCRVk+J6ufSUkL56OUbWroIwh4izJDA6FYBnBdIZDGf5wXV1D3SwsF\/ewCAradRhN3chNFMTWX1OFng4xEzuMm030V84VdrAyOo7+m5etluRr+EXSWfkc1CIgMl7cxdFTVP31JtGREZ5+\/Jg+3Dp55Scwe4RT7WiqFCa1tb7UnP8P8bB8+rR6vtEOWjTaeyVzbjxFRUqvBwouD+uvazREdAU4vow6DB4vIlyXAWAwEABA4AAAA="} -01035{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_tot_l4_data_len":1115,"flow_min_l4_data_len":20,"flow_max_l4_data_len":769,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe 
Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","issuerDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} +01045{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","issuerDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 
00586{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":562358,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuA2tAAIAG0eDAqAH8Ljs0H8enAbvpjJb3MTT5alAYAP3tDAAAFgMBAEYQAABCQQQbCwji4LUZT0epSH0gj4mvHkh2ZeQtzOVA1S7vs3bZ23H+4gJJqoM2Dz1h4aKovW61xcrmP4JLevLNNBaCJDBjFAMBAAEBFgMBADDcfk8P+jYf+z7UeGSu8le4RjkGrW6Vw3SLThiYsnvGmMLEq9EIBVULs+mRW0ZhKbc="} 00487{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":644122,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjI4BAACwGBhcuOzQfwKgB\/AG7x6cxNPlq6YyXfVAYAB8mlgAAFAMBAAEBFgMBADB7EOw8+wEtEdpBi+G7JcCsTcVRGogcbGSmNZC1iS7tC4fMNHvHjM1Gc\/QZkOBwWaQ="} 00505{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":645596,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA2xAAIAG0hvAqAH8Ljs0H8enAbvpjJd9MTT5pVAYAP0wUQAAFwMBACC8MSttPKbpeuJql1UlAtNdadSILn5gK8Svy7ekD6MzsRcDAQAg7tsD6870z1FfLFv1BukG3ypusdNwWJbe+1lZO4ENyNk="} 
@@ -45,15 +45,15 @@ 01203{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":838948,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA3BAAIAG0BfAqAH8Ljs0H8enAbvpjJoRMTT\/v1AYAQCjBwAAFwMBACCuEhGVA4NvraHqWBXF0VGKi7yya+9S+1okg4GocBkj\/BcDAQIgqsSvH4svwNynX5ByKfenV2pkK\/zH5qdmrle51GUZdAWp5VTZzjCx\/s3z2YQPJOaJ8hzBRzNfwMHhVLGiZ7rvf8BQlBrfRXfo1Snj5ShDklJKVYJgPv2imkOqDOab6FYtIehUfgy8e7\/Zk1BnQWZBDR65DFznkpxbkLGufZ3ovawC+z9M4mggiRY94e6nM\/jPQLpCTGp\/RkFgwoH9gKmn39AxE+unqF+GFeMXpjFIRmGGU\/+LplD76IzG1gwlZfxa\/6Jxfuy79GRU4FdzUKbzAj11MMv17UuUi4h56ghDeKXYYdM4tC\/LXZ\/5NMyY6nutaKaN2EQUUnYef5MMUaupYOXf1D6kW59zAm5jQYAQSxX+1R54hIg3w0gGqTatO1RcWJIzFrzo0AoVma9K4X3hjZ0WkF9LuCsrVueZ3XSqYRKiAMp5ktEluSU6NzCWY1UVUp+HZJEzDSzrfACABWhRZMuy6rhAvLFaTc7VPRtHQOpZQybaBeHzl50phweF0i3PNlz0NPDXS6WPUwBXGNDr1SzWWaJbRY2Y4GSwU5sBZM3Po9LrosDeNJexY70v7YJeR9hc2lHfRlsUqMsQfVkEOB27ZG5GYJXOEwOc07o0Udlctf3xwBBTlYOwkN1sJz6Mv2PRCxvz5YJLj1BlbRaZ5UYiMKkvLub0aqJX\/mhIykWQUm04S5iR7nVREMC7l7Ehiq2XcjHQmTfj6eJSX+Mh5w=="} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":212884,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","type":38} 
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":403824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00420{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":547648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":548030,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} 00711{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":548416,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"UlQA2EYhUlQAWul3CABFAAEIA3dAAIAGxrrAqAH8JuVGNceoAbuUs9YyhA0RIVAYAQDlUgAAFgMBANsBAADXAwFSe39pbZn4CAZLPeIeRH8NC+wysEGwDtFI6Y81\/Q\/FOwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGYAAAAiACAAAB13d3cucTRjeWFtbmM2bXRva2p1cnZkY2x0LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00404{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":700311,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAodvRAADQGoB0m5UY1wKgB\/AG7x6iEDREhlLPXElAQABC1rQAA"} 
01657{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":700468,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJdvVAADQGnHsm5UY1wKgB\/AG7x6iEDREhlLPXElAYABC9qQAAFgMBADECAAAtAwFSe3FkFBSyW8wepaOLNrHGBX6ujzo8E8jJ3hV5JUvPxQAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAIC7NDsQgl1IAWKbRx1wHPylgZjfFRnDGoYNfQ7CNaqRXHVejZyQnn6wNxAX2btR4cHb94VBJHyDz7731tfwYVhKU0Q0uQ+9iUV+KttLf4WfEH1OPgH35Lx+gZDuhiP6HSf7zcDaWz9UsBaGz5RpkdjpNOWfJEY2DOahHxjPJn9rAgCAPu2BuVcYmwTooEwYEE91V6CDblIATWpwKW\/TTRBsnSpOw2KnYuG7m0Xlmbfg1qWpqJep8soTArmFtgLXw0ykgqE3hliGUbTWkGTb5TgEp5QccknHUgEE5eiM4FmSQpPQAOha3Vv0rrVEZTpoq6WO4d3vecLDTlOfJdSF3sF8QF0WAwEABA4AAAA="} 
-01031{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_tot_l4_data_len":1297,"flow_min_l4_data_len":20,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":216,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} +01042{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00672{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":708049,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuA3lAAIAGxtLAqAH8JuVGNceoAbuUs9cShA0UwlAYAP1UZwAAFgMBAIYQAACCAICVqs\/lAnDz1OCq70x00UceWrtuOw3N0LPh14jZeUdb0SIrh+q2nw7OzMPTMbvR2F3l+e9Ge2cO3B9dU3NuyuxmC2T11LmEuzT\/Hf14mMzupeO2yAdSPyikLwGzVW35ZClY6hUlpdVjzbtMcZLgCVrp1P2c6gx2eE0q2TMx74J8ShQDAQABARYDAQAwUYDo0syC7vcphX7PaChw29yHdSCulVCitJfgxPBnmRO2gFPOcCsNzcRdYYMrxKaX"} 00486{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":872166,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjdvZAADQGn+Am5UY1wKgB\/AG7x6iEDRTClLPX2FAYABG6QQAAFAMBAAEBFgMBADAaY3i5fXWZ4AML4bIyljsoDgZZBOXmk153GE8srIolG5kCI8vhcZkuXXaLWjel7Is="} 
00506{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":872735,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA3pAAIAGx03AqAH8JuVGNceoAbuUs9fYhA0U\/VAYAPwTKQAAFwMBACAk0DxcKn+Ish+ZeQZv7WaMFXe8WkhVh9eJrY8qC7+55RcDAQAgv+Szj7Xko2kB53mat2M83QOGXHAJE0170QxkHpJFs+o="} 
@@ -67,9 +67,9 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821672,"pkt_ts_usec":213282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","type":38} -00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00591{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821673,"pkt_ts_usec":254958,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821674,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821676,"pkt_ts_usec":212885,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -78,7 +78,7 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821680,"pkt_ts_usec":212883,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","type":38} -00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821682,"pkt_ts_usec":212886,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821684,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -91,9 +91,9 @@ 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821692,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","type":38} -00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00679{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821693,"pkt_ts_usec":159821,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} -00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} +00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821694,"pkt_ts_usec":212894,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","type":38} 00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821696,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -104,10 +104,10 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821702,"pkt_ts_usec":213488,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","type":38} -00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00592{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821703,"pkt_ts_usec":288336,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821704,"pkt_ts_usec":212955,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821706,"pkt_ts_usec":213267,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -118,7 +118,7 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821712,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","type":38} -00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821714,"pkt_ts_usec":212940,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821716,"pkt_ts_usec":213464,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -139,13 +139,13 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821732,"pkt_ts_usec":212991,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","type":38} -00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00592{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821733,"pkt_ts_usec":324487,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":662,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":662,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":213076,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","type":38} 
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":359648,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821736,"pkt_ts_usec":213187,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","type":38} 
@@ -155,8 +155,8 @@ 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821742,"pkt_ts_usec":213016,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","type":38} -00490{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} -00470{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}} +00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821744,"pkt_ts_usec":213025,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","type":38} 00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821746,"pkt_ts_usec":213762,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -177,12 +177,12 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821762,"pkt_ts_usec":212987,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","type":38} -00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00593{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821763,"pkt_ts_usec":366999,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821764,"pkt_ts_usec":213182,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1390,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1390,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821766,"pkt_ts_usec":213046,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821768,"pkt_ts_usec":213010,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -205,37 +205,37 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821786,"pkt_ts_usec":213089,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","type":38} -00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_tot_l4_data_len":63576,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":450,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_tot_l4_data_len":9950,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_tot_l4_data_len":1332694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":845,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00594{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822123,"pkt_ts_usec":915516,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822124,"pkt_ts_usec":212807,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822126,"pkt_ts_usec":212337,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822128,"pkt_ts_usec":212399,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","type":38} -00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":889928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} -00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":897135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"} 
00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":949318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"} 00414{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":951535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"} 00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":961527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"} 00414{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":962943,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"} 
00693{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":965354,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"UlQA2EYhUlQAWul3CABFAAD5CJtAAIAGvnHAqAH81FOb+sfmAbsbVwNnrWI9fVAYAQBc+gAAFgMBAMwBAADIAwFSe4E3FMYInxr2a\/LGdBo7iY6X3woxpwwwB2E4X+3g5wAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFcAAAATABEAAA53d3cudDNpM3J1LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 
1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00697{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":972457,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"UlQA2EYhUlQAWul3CABFAAD9CJxAAIAGdTnAqAH8W49d8sfnAbtnuw7Nw96cNlAYAQCN\/AAAFgMBANABAADMAwFSe4E3htlD0jNwndR+1ou7jED0jjAcq7bR5WAiBXnUvwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFsAAAAXABUAABJ3d3cuZ2Z1N2hieHBmcC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_tot_l4_data_len":317,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 
+00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00406{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":21438,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooqlAADEGdDTUU5v6wKgB\/AG7x+atYj19G1cEOFAQAHuoVgAA"} 
01412{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":23500,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"UlQAWul3UlQA2EYhCABFAAMPoqpAADEGcUzUU5v6wKgB\/AG7x+atYj19G1cEOFAYAHuyMAAAFgMBADkCAAA1AwFSe3L53X2pEnJ+sMNK7yLUj\/W6pO2+NRex4VwJn0DBEwDAEwAADf8BAAEAAAsABAMAAQIWAwEBywsAAccAAcQAAcEwggG9MIIBJqADAgECAgggWXsb82yVFTANBgkqhkiG9w0BAQUFADAhMR8wHQYDVQQDExZ3d3cud29oZ3BhczQ1ajZ1Y3cuY29tMB4XDTEzMDkxMTAwMDAwMFoXDTEzMTEyNDIzNTk1OVowITEfMB0GA1UEAxMWd3d3LjdkNDNhaDJraWtyYWJqLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyklKQGQkcctz93HgInj2t1gLlEeTreYlTjt5cVuEnkRhvnpxBBhUZcDOSffaAx9+S0RFFDudqL8\/TeDZIwrCCOxcwFVb+zUytTfEc8ly5MA1G7S5d2I\/x5yvg04rZJRI9\/q5ks8spXJHHzSyzwoRTx50l96ITtI3yPQNeVSHVUcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC38KFCTBghhDrxpOEFUDAKZE4bCRug43WMb6jvNo\/BPXQ48wsYWM\/S+47KwCPqXVUNCDyMF+wvJ2aRBnR37D+\/ayO\/p7RlBCVwDONA9IZk20eslgIepjkM58HbyrjYv5PJpyqgB0BsDzJJ400K0\/0xL29Q2pOCbmf5\/QOa\/soHuhYDAQDLDAAAxwMAF0EEqppowQXXYJtKnNsDr3CjDoKRPdSy8GzPWFf2pW59bta1CDBd2K0DAFHTa+02CMVDmRNatXtDgujISj+n9Smk7QCAb3zAMJEE0ZhtRVfh24BgLQXvLqOzphBWw67izOerVVz4biNemHUEOkNwxD+9oynPQgMUOQR3MDvw5YUW7GSS7yczMzYXquDqWDrOY8Ns7gaPrsQ1YbSUTuO7mrfNLqHYD1sSjpyqfIn2S3zLLZ7+opf6vOO4LybO3Wf9JdFNFCsWAwEABA4AAAA="} -00945{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_tot_l4_data_len":1096,"flow_min_l4_data_len":20,"flow_max_l4_data_len":763,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} +00955{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} 00591{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":28263,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ1AAIAGvrrAqAH81FOb+sfmAbsbVwQ4rWJAZFAYAP37zgAAFgMBAEYQAABCQQQirs+7bZ92YZQcxZd+2DqfqldWcJ\/uP\/ceE0gwSB7sufju+Ou\/tmWkLRzvFyBtO+ky9kbj5Lk5KBHB2Iw8kEPgFAMBAAEBFgMBADD1vChkZBoQ7JL0US4P8m+ntzIHU6Wo0YrvCmKRLKn0gkpxAE5NLpPezGJYavoceMs="} 
00406{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":43639,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVpRAAC4GehZbj13ywKgB\/AG7x+fD3pw2Z7sPolAQAHuSHgAA"} 01420{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":47877,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUVpVAAC4Gdylbj13ywKgB\/AG7x+fD3pw2Z7sPolAYAHsRlAAAFgMBADkCAAA1AwFSe3Mya1gXPjAm53azNqffVZKBFeKBDmPnY4w6w9WrzADAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSv97\/ilH42iFMoakelVTbrRTFAZqGEhYWR4S3V07Pyvxs1FvawqYKlRiM9gWAzXMX3bH1mpgVzLKUzeldVvvMfAIBVo+FA8tVYJ+HmyEdPa4Bdq+fFwyKjkuUjQTrHZKNrhamWl\/lB\/Ebo5CHux4Al+fZgZ3+QV\/Qd226bY9RwWJMGz\/2mP\/I1NkneJVmd+dkjXIeap\/WZmuZpe7HnTO5Mr1\/5mFqkmCL0boxqqxqxKDf58gCY\/Dfggk9bCoIClc40qBYDAQAEDgAAAA=="} 
-01031{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_tot_l4_data_len":1105,"flow_min_l4_data_len":20,"flow_max_l4_data_len":768,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} +01041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 00592{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":52242,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ5AAIAGdYbAqAH8W49d8sfnAbtnuw+iw96fIlAYAP2\/YgAAFgMBAEYQAABCQQTOrOIMUq8r6n1aKYiNs7U2FFNAVDNnCvPBG2\/LKMvoSWVofCBD3sAosTws5sK\/9czSs3fhclBVGnT2zMaH3JdCFAMBAAEBFgMBADAuL1gg35pDGio6a0sJwrrveSJC9yOSrYPI1ot\/w0ux0mAKfgjlBtwnXbCgD70pNiU="} 00489{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":87045,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjoqtAADEGc\/fUU5v6wKgB\/AG7x+atYkBkG1cEvlAYAIO3AgAAFAMBAAEBFgMBADDfL2A9XXe6ItVkvPujf8ZlF9xDBUk6le1K6Q6vBc+xdpwWP5E1hcztjRUOvKJL2iM="} 00511{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":88305,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCJ9AAIAGvvTAqAH81FOb+sfmAbsbVwS+rWJAn1AYAP2ryQAAFwMBACDOqfI9\/1zpoMalpFDIOq\/+t2OKhFCF0\/8W1gJZQrk9KhcDAQAgdqvsCDJjPYM1XmS1wYHUGxKvFb4w\/k11fkDeEVu2xhM="} 
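Review bot: The regenerated `detection-update` records for flow_id 11 and flow_id 12 still carry the key `issuerDN` twice inside the `tls` object, each time with two different CN values. Duplicate names make the result parser-dependent: most JSON parsers keep only the last value, so a consumer matching on the certificate issuer may see a different name than one that keeps the first. The second value looks like the certificate subject rather than the issuer (inferred from the two differing CNs; the code that emits these fields is not on this page), so it should presumably be written under its own key, e.g. `"subjectDN":"CN=www.7d43ah2kikrabj.net"`. The removed lines show the same duplicate, so this commit does not introduce it, but refreshing the expected output keeps pinning it in the test suite.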
@@ -255,15 +255,15 @@ 01204{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265485,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKVAAIAGvO7AqAH81FOb+sfmAbsbVwdSrWJGqVAYAQC4GwAAFwMBACDFSvr+d\/a8SxY\/MRGL7d7bbuedWRMGsboWG\/MyOHFANxcDAQIgpjhLHHmpnkUvTkzSmmX06lIrigiP6O2YGeNrjBqcUKAg0V5n04hnKawS4oV3ArwURsxbSqTy7nYCs5KiFnKnwi730wK5bay5XMFaFmjdjmKYZSW64Y0QNegmAn8DqakiaeHV87kzGgz3L9ox61bWiC7ouRVLhzhTBTst37kLzy4TNJ0GnKImOj5PufZsdM+oCGA2mvANTfeJutkC6ZMcW98j+pnuFaSHZzEegAuoGbIri50vuCfmrI2ykVCIM9NHhe9ybbly8c3tpXnB7ABcxCwT9cacO8yaW32GDXf0T2TNHRQBR8ftn3ArezELLiB+r\/QDebccDRa2eZtwv2TQLf+BNxJIfC26FMUwNp\/bjbZ2ljD5pQMxBFWet2NCvrAp+ghJEuezGbgv6C5rt8UW64fKEqFi5BkU51c8Olr31vNS6W7u39ITzaSwxhpbi68BFr3Rgd\/GyFPAVUVRnYWjC3W5C6vQVoV7Aby3obieH9X+LnXS6ZQbtgqerkwfF8KrGQotnTRdzUKW4z9tkcE0UuVe7uIeuC9HJsmkSSo3J519HAgZFVRecMir2db0k+I5GUB0IixS\/iYrCMdQWisoKFLfUljPOUI5aqKo36qAQO14+eb9abwMSo3q9Ox\/s+P\/TpXIDhzGRU3esXRnHYI+TtA6jgEY\/nm1hg0DjrFdYHYoOUETQ2zqC1kbLLgkWACGgfOjypLmJyMKImn7bnn9Kg=="} 00408{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":328617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVplAAC4GehFbj13ywKgB\/AG7x+fD3qV3Z7sSvFAQAIyFsgAA"} 
01210{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":329179,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKdAAIAGc7nAqAH8W49d8sfnAbtnuxK8w96ld1AYAQCeOAAAFwMBACAz5YAEXPD9Qp6lyJHqu1BSVaHO73GRNQm8Htgf0+c9mxcDAQIggGSqd7QMnsJ4kHJMLOklbVLNgwUP\/EkZy7W3NwFozzCote80AtSk7sn6fxe8acuFRFCQKIbQM5JkKbLFJdsaVBQIS8KJ3mJqEcN17ES7yv5X7kmwtAY0Oj+Qn\/O4MiKZiIbqCXUuIXBs30w6k5i1XKkR\/YjI1yzaosB78mCP1N+MitRHHOzKJ9BIN4RckCB0ahIg+SW3srzVgs\/hUNP4hLSwA9r1bn6Wx+XHvuNF74KSSRthK+UB\/PbjZmI13OCt6kBCakhFRLo4xd1Znv2Pfbt7FqyHdLdHCBcsGD5Uvdtw8qWMKPEXLk4NoW11tQXMBdwCgl\/xGuIkXESj2qcd+a6G\/U6B0dEP6RlAAX7I5nDrY50PtBQ94gZLzKB2qfFxI3h0QACydQDa1E2U\/DYgZWjvoy4r8eOXazr+Kwq8DkGePJs8qqu1PjYknNmPq\/hHKHLKZUAJ1IBCeVI4vX+BTiiooRLb09iC6svjWG00Y\/b+8hUWDkM60gjsOfnXmKe2Gmtai4EAK1BhjnT\/RDUesrNd1VdrsxdUqjj8s3SAUTlKeqcxkD3BLawtjcU5vI\/ChZmMJyoWadYf6Jq7tFuHIfLRmpSVDM39OBv8K4ikJC\/r5Tb12+qassYZfOLPbD\/SvIb+tyWIo\/\/o3GZf3Ucp04R7Pi0FoX8Ifpgv2ENVeAXzErpm7zVYy8TvEmUz3OuTxmPK6l0aAG8fU4fQnhW+nQ=="} -00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":889737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} 00423{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":33681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 00413{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} 
00692{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34778,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"UlQA2EYhUlQAWul3CABFAAD6CLBAAIAGwY\/AqAH8JuVGNcfoAbv0twfgYNP3BVAYAQATzQAAFgMBAM0BAADJAwFSe4E45UNCHF+9nmoqAUUyRuC4BvKCHcuaRNsIL6pQWAAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFgAAAAUABIAAA93d3cuam10czJpZC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"} -00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 
1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00408{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":183159,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"} 01663{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":220406,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJgXBAADQGkgAm5UY1wKgB\/AG7x+hg0\/cF9LcIslAYABCPDQAAFgMBADECAAAtAwFSe3MzJnpApPNpEflNBeQT+wMfGN8EfVfDfSCJ1CHhSgAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAICTjLv4dzbQkY4v+6c0tODTLPLUqpNj9udRk8Y5oVDxQec9DI
Sv\/Q0OumZb9e9ll5wRwIEXxwVEOFM8Zk7VR4yvxN9ykEmlw9419WCYJtUgx5zCtQLvohpLrdz+KVdNF7f8BvF9kFE63nikb7K7Z17dZMj\/1ql3DTeHgdk9yw81yACAjddiRyq9Wcm6MZOMF0YAyjYY2sKmLvYg01bPUt\/KNhSxOpXIEHegbPMrbIHKvNT+7w8eAmj4pYQmubnfUL+Uj1iDQbNgSR2mn642+8mQSG60moMsBVPLLA9EvmzLv1gcuBhCiJcGvwEu1dlI9t0c613woXTslAdeYNWIZ8noJgsWAwEABA4AAAA="} -00942{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_tot_l4_data_len":1283,"flow_min_l4_data_len":20,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} +00953{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 00679{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":230750,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuCLJAAIAGwZnAqAH8JuVGNcfoAbv0twiyYNP6plAYAP1iWwAAFgMBAIYQAACCAIC489sTVZq\/GrKwFJ77i9pUjo8mUMWtC+3TfOvVv3\/lZeMgGHHRgTuax8BoSKz6hvfA1XyfqMyXXhhXL\/hmqpwL9+xMKjSKeC1\/nBFQNGi1R9BX0jpaOpJQL\/tEkXCPrXGMaMRX6FbhYcsf0y1KKo8nlIUSjgfqR7Uu68BU+P0kTBQDAQABARYDAQAwR5He0W0\/mJ2cp4A+CQ7sLCv+qfOQ89lzDZTa6EzlNuKFpcImS+UZUc6RvdwtbKaR"} 00490{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384005,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjgXFAADQGlWUm5UY1wKgB\/AG7x+hg0\/qm9LcJeFAYABE5sQAAFAMBAAEBFgMBADDGp5YJU4NYfAXlehYJRQ2odQmJNNLuW3og1BToTR83Gb0PCN+omLLmSnduJdxzfxE="} 
00509{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384736,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCLNAAIAGwhTAqAH8JuVGNcfoAbv0twl4YNP64VAYAPyWYgAAFwMBACD5OA5hWmwcr3qvvvlx80AhOaZ3HeL86UCzuBfLPvgmkBcDAQAg9ZKvZ3vwmeoBnpaDZ9egruCXkAuHZkA8B+2\/ifVrt+I="} 
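Review bot: The `tls` object of the flow 13 `detection-update` record has the key `issuerDN` twice (`"issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net"`), and it appears on both the removed and the added line, so the regenerated expectation keeps it. Most JSON parsers keep only one value for a repeated name and different parsers can disagree on which, so a consumer that matches on the certificate issuer may silently see the wrong name or lose one of the two. The second value is presumably the certificate subject; if so, the emitter should write it under its own key, for example `"subjectDN":"CN=www.fcsyvnlemwxv5p.net"`, and these results should be regenerated. The flow 12 `detection-update` record at the end of the preceding hunk shows the same duplicate.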
@@ -275,7 +275,7 @@ 00408{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":785482,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXVAADQGlZwm5UY1wKgB\/AG7x+hg1ADr9LcMDFAQABJT3QAA"} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822132,"pkt_ts_usec":212345,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","type":38} -00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822134,"pkt_ts_usec":212476,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822136,"pkt_ts_usec":212325,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -296,12 +296,12 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822152,"pkt_ts_usec":212240,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00594{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822153,"pkt_ts_usec":962104,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822154,"pkt_ts_usec":212265,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","type":38} -00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822156,"pkt_ts_usec":212208,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet 
type","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822158,"pkt_ts_usec":212282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -330,27 +330,27 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822182,"pkt_ts_usec":212191,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00592{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":1176,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":212229,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822186,"pkt_ts_usec":212454,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822188,"pkt_ts_usec":212408,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","type":38} 
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":212084,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","type":38} -00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00422{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":886155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 00424{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":950538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 00414{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951036,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} 
00705{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951387,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="} -00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_tot_l4_data_len":322,"flow_min_l4_data_len":20,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} +00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 
1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00408{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":21804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"} 01408{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":37108,"pkt_caplen":794,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":794,"pkt_l4_len":760,"pkt":"UlQAWul3UlQA2EYhCABFAAMM\/HxAADEGvxI+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAYAHv3EwAAFgMBADkCAAA1AwFSe3NuVwW3wewrm0Np+8gZfpw+6\/jzal\/O1PvTkdk53QDAEwAADf8BAAEAAAsABAMAAQIWAwEByAsAAcQAAcEAAb4wggG6MIIBI6ADAgECAgkAnJid7KPSoQwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAxMVd3d3LmEzdXljZGYzcm41bWQuY29tMB4XDTEzMTEwMjAwMDAwMFoXDTE0MDIxNzAwMDAwMFowHjEcMBoGA1UEAxMTd3d3Lmw3eHZ5c2ZudmtiLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0E2BOtnhLWOrZ8fxoxHjGhRWK1of38SpSBNg5b\/k4kfDQHGdL4hq3fcEtr78BJMr4Zf+dYRrf\/i8rLos33njMgo8oJqA1j9vg7wEx0spYhdfQskm1dLeQGZDN8DvyEqgknxhybcPAzyUGQZRPqosoPpI5OTClxfRzUMzk7OKJS8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAm4jj3CZ6E1Ur8DviH98154vz0x1VeY822f6PAgvXyJtEympFvro6oRz0e84wk+8Qk0u0CdxDSjoRRjMK6lpFUg\/ercM64yiXv3o0lSyuqYxq\/SsO88j6J4ug5YwlK8Ehm1An0BaEAIegLyliXKN+BU5QRzDZbd+6KUfKBngbsihYDAQDLDAAAxwMAF0EEovB5\/SW2DTHDDu+OYi9steUmfdbRCgSfNJGR4sNXRhl4hDgZfzXk2twIBJG8Grnw6YRIQGWT5IV1zZmnjnqbwgCAJ5r93gRCIdpZBfFMdDkPE2+t\/hq3eVxsiAp1+p8jigUZ61y99H5SXlIgzrbD14E0t9D2JNq7y+mW7anG7udz8ud8\/ae4433FISa8H+fPWATMTLX2XMO5ny
kP2OL2RzB12Z2Luv3SScQUiuIYkRAZLPfzndYQO4drRpTnAK0HOmMWAwEABA4AAAA="} -00950{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":760,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} +00960{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 
00591{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":41090,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCO5AAIAGZf\/AqAH8PtKJ5sfxAbspsD25r4YwTFAYAP0z3gAAFgMBAEYQAABCQQRyKTQEXNEYBPZV3\/zEfTQkWpNPJBiGRL97y9vdutfsluomI+BM\/wATV9EXLZXU4z9ZBfdBaPDrleVfhRSEO4dsFAMBAAEBFgMBADDeTPLuhZGymstjqXonoYXbszTd6MvHlO4reIE7DIAVoLx2Ew2CndrSlYijv1enZdc="} 00492{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":163678,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABj\/H1AADEGwbo+0onmwKgB\/AG7x\/GvhjBMKbA+P1AYAIMjzwAAFAMBAAEBFgMBADAMkj8NEfgHVt41gvVoGZmSjJhPRcEYixw81Fk5SSn\/jCrlEY8yRundvc02RY4WwzM="} 00509{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":164491,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCO9AAIAGZjrAqAH8PtKJ5sfxAbspsD4\/r4Ywh1AYAP2+LAAAFwMBACBL1ibhXCdYHNj2E4PTgng+oqeH24GkH8CHyZvt8J3ixBcDAQAgEkRPKK9bVsaEt1jzbATo6gi5Jrhe3QmS4lNa9Qi2Z+w="} 
@@ -382,23 +382,23 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822212,"pkt_ts_usec":212113,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00593{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":39100,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":212221,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822216,"pkt_ts_usec":212093,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","type":38} -00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00542{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822217,"pkt_ts_usec":531372,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":212163,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","type":38} 00542{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":758583,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":212053,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","type":38} 00542{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":774203,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2870,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2870,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822222,"pkt_ts_usec":212047,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822224,"pkt_ts_usec":212144,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -423,9 +423,9 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822242,"pkt_ts_usec":212027,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00593{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":96142,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":212056,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822246,"pkt_ts_usec":212005,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -435,7 +435,7 @@ 00542{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3714,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822248,"pkt_ts_usec":944702,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhAAMBZjPcAAgAAgyAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822250,"pkt_ts_usec":211939,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","type":38} -00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822252,"pkt_ts_usec":211970,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822254,"pkt_ts_usec":212017,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 
@@ -458,17 +458,17 @@ 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822272,"pkt_ts_usec":211953,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","type":38} -00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
00594{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":144364,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} +00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":212080,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","type":38} 00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822276,"pkt_ts_usec":211998,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","type":38} -00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_tot_l4_data_len":11192,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_tot_l4_data_len":582,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} -00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_tot_l4_data_len":8633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_tot_l4_data_len":9301,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_tot_l4_data_len":1448416,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":793,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} +00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test"} |