diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-03-13 02:28:10 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-03-13 02:28:10 +0100 |
| commit | ed1647b9446f84d81d41e8e28ccf063eff97b2f7 (patch) | |
| tree | 7f22929aca611955ea129dc0afee839bb63872bf /test/results/tor.pcap.out | |
| parent | dd35d9da3fd43f1091b8ec496ec25d72e54d8e22 (diff) | |
Disconnect nDPIsrvd clients immediately instead waiting for a failed write().
* nDPIsrvd: Collector/Distributor logging improved
* nDPIsrvd: Command line option for max remote descriptors
* nDPId: Stop spamming nDPIsrvd Collector with the same events over and over again
* nDPId: Refactored some variable names and events
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/tor.pcap.out')
| -rw-r--r-- | test/results/tor.pcap.out | 568 |
1 files changed, 284 insertions, 284 deletions
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index 74de7c81d..4a57e1d25 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out @@ -1,167 +1,167 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383821660212} -00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212} -00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212} -00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212} +00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212} +00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212} +00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} 00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} 01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} 01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} 00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212} -00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212} +00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1383821703288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821703288,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821703723,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821706194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821708161,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821723995,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821725008,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821728040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821730181,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821732198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821703723,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821706194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821708161,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821723995,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821725008,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821728040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821730181,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821732198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821740176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821741917,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821744083,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213} -00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821746178,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821748103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821750028,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752032,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752949,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821756147,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821757892,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821760056,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821762157,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821764094,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821766193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821768150,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821770180,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821740176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821741917,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821744083,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213} +00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821746178,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821748103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821750028,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752032,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752949,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821756147,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821757892,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821760056,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821762157,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821764094,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821766193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821768150,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821770180,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -174,16 +174,16 @@ 01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} 01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} 00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212} 00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} @@ -191,162 +191,162 @@ 01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822170108,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822172115,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822174148,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822175546,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822178103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822179522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822180832,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822170108,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822172115,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822174148,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822175546,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822178103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822179522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822180832,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} 00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822193390,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822196160,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822198129,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822200128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822202193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822204195,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822206019,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822207793,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822209488,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822212140,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822214082,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822193390,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822196160,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822198129,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822200128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822202193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822204195,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822206019,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822207793,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822209488,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822212140,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822214082,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822220042,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822220042,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1383822220774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822220774,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822222154,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822224128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822226175,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822227885,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822230193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822232017,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822233939,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822236183,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822238164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822240198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822242141,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822244182,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822246194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248153,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822254127,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822222154,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822224128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822226175,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822227885,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822230193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822232017,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822233939,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822236183,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822238164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822240198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822242141,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822244182,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822246194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248153,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822254127,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212} 00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-events-serialized":331,"global_ts_msec":1383822260212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822262143,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822264155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212} -00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822262143,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822264155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212} +00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} +00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211} 01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} @@ -366,6 +366,6 @@ ~~ total memory freed........: 4811059 bytes ~~ total allocations/frees...: 104890/104890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 196 chars +~~ json string min len.......: 182 chars ~~ json string max len.......: 1412 chars -~~ json string avg len.......: 804 chars +~~ json string avg len.......: 797 chars |