author | Toni Uhlig <matzeton@googlemail.com> | 2021-03-24 12:46:25 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-03-24 13:16:55 +0100 |
commit | 1ab6b9e042060fab28be84f72af6df655d933f1d (patch) | |
tree | 343cd32d3ea7a5de25e2dd223da3395dd2c39a1d /test | |
parent | 77b4b88b1469161c19a3f6e5a319967a3f4445e9 (diff) |
Updated test outputs and pinned travis-ci's nDPI git repo sync to a specific commit hash.
* fixed Makefile.old COpts hell
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/results/aimini-http.pcap.out | 2 | ||||
-rw-r--r-- | test/results/alexa-app.pcapng.out | 94 | ||||
-rw-r--r-- | test/results/dtls_certificate_fragments.pcap.out | 2 | ||||
-rw-r--r-- | test/results/ookla.pcap.out | 2 | ||||
-rw-r--r-- | test/results/teams.pcap.out | 4 | ||||
-rwxr-xr-x | test/run_tests.sh | 10 |
6 files changed, 57 insertions, 57 deletions
diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index c314298d5..b29bdccc0 100644 --- a/test/results/aimini-http.pcap.out +++ b/test/results/aimini-http.pcap.out 
@@ -5,7 +5,7 @@ 00423{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384749,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQQAAH8GIfYKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEoVQAAAgQFtAMDAQA="} 00420{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBPoAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAEU6QAAAAAAAAAA"} 01211{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384782,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"5kBKB+riApXG95NLCABFAAJ7BPsAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\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"} -00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/member\/signup\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; 
Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}} +00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}} 00420{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385479,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBPoAAH8GIggKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAFUGQAAAAAAAAAA"} 01211{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385584,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"ApXG95WRWgXZu6TVCABFAAJ7BPsAAH8GH7QKZQACCmYAAm9VAFCbu4XSm7uZ\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"} 
02404{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385643,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQUAAIAGAAAKZgACCmUAAgBQb1Wbu5n8m7uIJVAYgAEanQAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ2OQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwNjo1OToxNSBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NCwgbWF4PTEwMDAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMDE2MA0KDQoyN2EzDQofiwgAAAAAAAD\/7X15c9u4lu\/\/qcp3QDN1Y3taliXZsiw70r2yLac1461lp\/ulpqZcFAlJ7FCkmosVTaa\/+5wF4KIFdvr2fVWv6iVdHZEAgYMfzg4Q\/DBNZn737ZsPU2m7+G\/iJb7sXkTSTqSwRSAXwnacMA0SsS+uhv3+D\/DvjZyNZPThgCvDUzOZ2GKaJPN9+XvqPXesizBIZJDsPy7n0hIOX3WsRH5NDrDLM2dqR7FMOmky3j+xsjYCeyY71n\/I5SKM3Ljw5Ke5H9puRVyGi4B\/PUALEv8JFxVxk8aeUxG\/eK4MK+IjtBJXxL1vL+H\/Mpz7crWLSxk7kTdPvDAo9IJtesFE2IErXC9OIm+UJnhjGaaRgK7FfBom0MMzdzTDbkUYiGTqxWIhR7GXyOpqX8NwFCbFwdi+b3UFVPK94IuIpI89h1HipIkYOEjRNJLjjoWInh4ceLNJ1fZmXuBVA5nApT2R8cHYfvagbhX+Z4kEcO5YVHLwdR\/vExF5++dh+GVmR1\/+mqaR9jhZwuRXoaFv53fDy\/5wfzj4+NPj6bt+\/6p+1RD1+VcRh77nnqnix7v703dX9Ge98Lp\/ZXj0\/O7x8e7m9N1l67LdL5X3Lv7j4\/Du0+2lbvqPt2+AptH30NRv9dubCv8Kmvr4l2iK4xWatkHxCpy2lWqaeo3zxvnJyziNVmm6bPZr\/d6fo6l2dXjVNOC01vRmmp6\/B6b++VXj6vLPwrT+9CaSkKjoKfmyyudGwi7pz1bCWvjXgNXa0wXCiKUYKyRrldW3tf2aKXyBrPWni3jRw4xX4rr1+qoIbpmqV8zjttLvnsdRANpqDGp4P\/b+W57Wm\/OvZ3Q5tmeevzz9RUauHdh8byG9yTQ5HYW+e7bw3GR6elLjZsZxsRHo9g+6OdvYdLEZJ\/TD6PRdo3F42GqdgXaW+1Murh82\/8atJE6xmZMVCi\/CGVicBzuIxc3D9g5qrdbV1Rma231XOmFko6E7DcJAUiclShuKfnuUfFPPXzbw78bnzwzwPTN8lcSehrN1FBm8WfBNjbl2VqZi63Auavh363Bmwei7mzxv4d\/tTSbbWqRBJPbIl982DR38B9s\/K3OH7rPZbPaavU3Tbn\/bCLV6rt48alxeYrXTaQgd6Vmq1Xq9
en1tDGngygg7oSeePfRJ3G+rbb19A7b\/2wjcLBmdMl+Pw2j2DZyEiRec1oDsue264Pzgbygfhe5yS+mZagbHWpTqC\/ojai\/ok4Yu\/+PDAXsVHx4uhoP7R\/Y9dshr\/M1+ttll2xG+HUxS8Ec6O\/8Odx\/4bvfDD\/v7MIg0cBAGEYT9KIp3975FMkkjcNGiVJ79AZ7LwgvccFEFgKMojDpc7wzwGO8m4fyHTiz98d43vqr6oUOo7hUvqEp2dSb9WIpS+Y5yrxaLRdG9CsLkKU5H4wjcwiq6wTtnBPyzHYHL+eS5nZ3azll2PQudlTt+OJlIQL0ztqHPM6ELnuWTk0a\/hV4QJ+C4d2pnQpXN01GcbCp8++bg4O2boBOArzexkzCCXtyOGzrpDHw="} diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out index 9d3c059b5..b130e56ef 100644 --- a/test/results/alexa-app.pcapng.out +++ b/test/results/alexa-app.pcapng.out 
@@ -238,7 +238,7 @@ 02380{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":278804,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfVAAOcGkFk0XuiGrBAq2AG7sl2f4NcO4WEA41AYf\/nzkwAAFgMBDLwCAABGAwFY3n0prRqzn+uUe7J2SGc9ycgvCdlpITNiR\/tB85Rx3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
02382{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":279162,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfdAAOcGkFc0XuiGrBAq2AG7sl2f4NzC4WEA41AYf\/lbwwAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00886{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":279232,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBCflAAOcGlLA0XuiGrBAq2AG7sl2f4OJ24WEA41AYf\/mxKwAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01460{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01427{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00414{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":281352,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnNAAEAG+I+sECrYNF7ohrJdAbvhYQDjn+DcwlAQAWKnpAAA"} 00414{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":286136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnRAAEAG+I6sECrYNF7ohrJdAbvhYQDjn+DidlAQAW2h5QAA"} 00415{"flow_id":28,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":286407,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnVAAEAG+I2sECrYNF7ohrJdAbvhYQDjn+Djz1AQAXmggAAA"} 
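Review bot: The new expectation for the flow 28 `detection-update` event (packet 203) changes `"version":"TLSv1"` to `"version":"TLSv1.2"` and drops `"7":"Obsolete TLS version (< 1.1)"`, which looks inconsistent with the packet data in this hunk. The context line for packet 201 carries a TCP payload beginning `FgMBDLwCAABGAwF`, which decodes to a TLS record header `16 03 01` wrapping a ServerHello (`02`) whose version field is `03 01`, i.e. TLS 1.0. If that reading is right, the golden file now pins a missed obsolete-TLS detection, presumably inherited from the newly pinned nDPI commit, and the regression test will pass on it from here on. The same expectation change repeats in the hunks at `@@ -266` (flows 30 and 29) and `@@ -419` (flow 44), where the preceding packets also start `FgMBAEoCAABGAwF`. I would check the capture for the version the server actually negotiated and, if it is TLS 1.0, keep `"version":"TLSv1"` and the risk `7` entry, or note the known upstream behaviour in the commit message.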
@@ -266,14 +266,14 @@ 00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00423{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498208,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoOWdAAOcGZps0XuiGrBAq2AG7sl88IzNBq4r1ElAQf\/h38gAAAAAAAAAA"} 00534{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498343,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9OWlAAOcGZkQ0XuiGrBAq2AG7sl88IzNBq4r1ElAYf\/hRjgAAFgMBAEoCAABGAwFY3n0pDLntLgGwykQIDtHcfl7EStFhzm1bm1QlaW9friCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00490{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498392,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdOW5AAOcGZl80XuiGrBAq2AG7sl88IzOWq4r1ElAYf\/geWwAAFgMBADDsOjqesfDUuV579G+uPu83a\/hqraVpKsCM2bckzAXis8k6OSXRw1uoTW+upJFbDWk="} 00414{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":499565,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoumFAAEAGjKGsECrYNF7ohrJfAburivUSPCMzllAQAVf2PgAA"} 00414{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":499850,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoumJAAEAGjKCsECrYNF7ohrJfAburivUSPCMzy1AQAVf2CQAA"} 00498{"flow_id":30,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":500150,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjumNAAEAGjGSsECrYNF7ohrJfAburivUSPCMzy1AYAVf5oAAAFAMBAAEBFgMBADDA0tOeFpmMpXJArHJfzDEeAdxCbwhctWkDJ4\/AcSBVfFMlW9BPadbUTr5VYo5O1Bg="} 
00423{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502643,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAon6JAAOcGAGA0XuiGrBAq2AG7sl5u82R99bmeuFAQf\/ggEgAAAAAAAAAA"} 00535{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502807,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9n6RAAOcGAAk0XuiGrBAq2AG7sl5u82R99bmeuFAYf\/jNrQAAFgMBAEoCAABGAwFY3n0pbDqO6chsJ3SoiJ8G0aBxUtUUc4QIfjuGKH\/QpiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00491{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502885,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdn6ZAAOcGACc0XuiGrBAq2AG7sl5u82TS9bmeuFAYf\/hLQgAAFgMBADCMDbwz1N2klcG9R\/iPv\/mjvmP9rWFYOVWX087nrtQOXmgu6MtSemVy1T2TGAoU778="} 00414{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":505056,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07VAAEAGc02sECrYNF7ohrJeAbv1uZ64bvNk0lAQAVeeXgAA"} 
00414{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":505343,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07ZAAEAGc0ysECrYNF7ohrJeAbv1uZ64bvNlB1AQAVeeKQAA"} 
@@ -419,7 +419,7 @@ 00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00423{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":330889,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGa5AAOcGhlQ0XuiGrBAq2AG7smlcwjrM0o9l+lAQf\/i30QAAAAAAAAAA"} 00535{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":331031,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9GbBAAOcGhf00XuiGrBAq2AG7smlcwjrM0o9l+lAYf\/gsSgAAFgMBAEoCAABGAwFY3n0s+OFwAO8V\/5J6dyfR1C1CHVmCDi1eUwthRlD2rSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00492{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":331076,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdGbJAAOcGhhs0XuiGrBAq2AG7smlcwjsh0o9l+lAYf\/hUwAAAFgMBADAnovXOyV8I2l\/aGa4Z1HI7eesiC0mUpD5+e4a9mo+VIF8oB\/XZKt\/k1+6yk4TgmJU="} 00414{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":334376,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKptAAEAGHGisECrYNF7ohrJpAbvSj2X6XMI7IVAQAVc2HgAA"} 00414{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":335539,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKpxAAEAGHGesECrYNF7ohrJpAbvSj2X6XMI7VlAQAVc16QAA"} 
@@ -427,7 +427,7 @@ 01954{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":358207,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"pkt":"AMDKkaPvePiC0\/vCCABFAASSKp5AAEAGF\/usECrYNF7ohrJpAbvSj2Y1XMI7VlAYAVduRgAAFwMBACD6x\/Zk0wa9qRDBPzApOk9T4ya3blcW9w7ApUDXeNnBnRcDAQRAtpi0OCxmenL7SJXTpT9K+d1V4BWKnZmYpgrD2cTVP7OYZC5ne7g\/yaVBLkpp8iMUm78s878m+0UdddxZXnk6JFhEOc\/KBocdHFFdDyZK5bBrKAYGWwgIdHm04hIW\/KcZIDM6n8Ot2fx9IKro7XnGt7D7JKO\/mPThYhQX54JmUvXVzZQe4hOv1DWNzmuPYV59UJwJJ2G+ceNAtS\/UcibInMAqeK7x0\/pWwIP9immIPdN9rCXsQwD3LGHuiWupr6mszJxc1VoZBXa\/Xy\/m7K9TBtxGEI7oSNq0sLVcHJMQnW5aqu64+3HOXKat622tDSzbnsdENV+HcXmorZtH+AUESxgnN1xn46L8gNn6HuGBnkqSr43u\/awrOAa3OV\/6CefI3yb48\/CK5q6s6ULRRBv2NCsfFVlHivJ5svg811t3pzzqAETXkNC46B8nnjgEyzWCmaRNnDYvMKywGUio9PT8Yg8FHzpp6F+EW5WlQjUMQz5ejUZwPXWwGmXCENtph\/+6VTtepSRntfkav1dorjGc0mYB99EeBK03hpsTbG9M7IJ5igulYwF++XZwA96LHS8K21q1RuWcvvvgZNUFEkPrD4h\/Mo4eVa9neSmcHKtzOqu\/s+oyHmyObsYQOyGtYjLhd3GzNHgHSlXVFQKyR1rhl4ye1g9qvtOIJ6vP8\/vsC7WS2K9Fzafgl1RNooyeSNu8\/lh5ZmFIlVApbseB26049mAueBi3BF7mPwRG9AXPxZanL3bZEm3HQdJ+vjUZFW\/g99s8KN2yNoWznxxk9FlBUKUI9veK19aely+oK\/cvs5Y55GhoQ0ufCw2zlbMbuTHDKysjTOuzQBzc\/HJy07Mt0cXlhrDgEDxTQl37gFtmHosf7gwj0BHvjexfb8mtVhEIS4RxYR7eNgxZxC3zsNDoh5532ASbtL0Pvl0N1SpottL598Vq8feFQ7MQkwcFQIdVD71nYSfzduRQCudzKalg2XH4fNMVIgWyn8U7yuhJw19V6fhO2w8MP9jqFAcjXj+h0izh13DM5N0tI7P3LYAzZoYewiXnqkDsjPfDGUtjO\/2XO3M2AuhR+4wIKSIQazMUqGyW7YWCXU8dFYTvxIQXOxKANP\/9i2REk2B+w6H3ecAmjHiSN9Y6SRtsGpgv3rgnRKIjlN6LLP4YUzRd1Sjd6Z0lbcWMbOzesWXw1uUQGyC0ltSfrJf884LzrTnAFGTtUH5jUOnhUdElJZePPWuDkuxFBolCztDRXE8FgGGfm3uPS83nJ1Ne7ArJ02wcwHenGcjWSvW5yIzyZk\/6kp3kCG7xNkvc0Y54e5T1dRkqHnuSfPaD+eqZmgg1vM1xHwFGU2n6so3Mg532Db2jaBMLAWbAHIc+SXnIhSkz1ZZka34mhTU291gqxO1V7hTiddNmScPQOnD9RvQm\/ILMnNN3moOZ3RXFWhFf1UV0oZPdWXc="} 
00423{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404656,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocTtAAOcGLsc0XuiGrBAq2AG7smoL+FEzEvIfyFAQf\/j4AwAAAAAAAAAA"} 00535{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404790,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9cVFAAOcGLlw0XuiGrBAq2AG7smoL+FEzEvIfyFAYf\/iwjAAAFgMBAEoCAABGAwFY3n0sVxO5X7DJN00ajdk\/JSDP+a79Z9DaYVUUTp6X6SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00490{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404834,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdcWBAAOcGLm00XuiGrBAq2AG7smoL+FGIEvIfyFAYf\/gdhwAAFgMBADDVrr4si7BrFvG9TfhBXjNkgRRwAR0mp9ik9R+4xk\/I+FfdYAFc76qSetrnK94Ynuw="} 00416{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":407840,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUVBAAEAG9bKsECrYNF7ohrJqAbsS8h\/IC\/hRiFAQAVd2UAAA"} 
00416{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":408717,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUVFAAEAG9bGsECrYNF7ohrJqAbsS8h\/IC\/hRvVAQAVd2GwAA"} 
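Review bot: The new expected `detection-update` for flow 45 (packet_id 441) reports `"version":"TLSv1.2"` and drops flow risk `"7":"Obsolete TLS version (< 1.1)"`, but the `pkt` field of that same packet in the context just above it carries a TCP payload starting with base64 `FgMBAEoCAABGAwF`. That decodes to `16 03 01 00 4a 02 00 00 46 03 01`, which reads as a ServerHello whose version field is 0x0301 (TLS 1.0). If that reading is right, the golden file now pins the client-offered version instead of the negotiated one, and the suite would no longer catch a lost obsolete-TLS alert. The same substitution appears in the hunk before this one and in the hunks at -475, -545, -587, -674 and -696 of this file. Before accepting the regenerated output, confirm against the pinned nDPI commit that this is intended; otherwise these expectations should keep `"version":"TLSv1"` with risk 7 present.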
@@ -475,18 +475,18 @@ 00694{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":649888,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1byFAAEAG3VysECrYSBXOh6SSAbsCViBxEm5sr1AYAVf8bgAAFgMBAMgBAADEAwOSNimGSrtikrr4BiDGBJaapUtZMMHJl95wUbRDfz5SFQAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeyoqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="} 00445{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":679697,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} 00534{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687016,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9Mc5AAOcGbd80XuiGrBAq2AG7sm0P1nEOwoOc+1AYf\/iD+AAAFgMBAEoCAABGAwFY3n0svZffnx292YM8BnDkyDMEgFU6ZUM30vCin0OQyyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00489{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687134,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdMdhAAOcGbfU0XuiGrBAq2AG7sm0P1nFjwoOc+1AYf\/i8uQAAFgMBADAjXdzGD8p9YnQldHh9YxALXWAXwN1X3Cmt0G+oL1RCiXl9rY9v1aF9RuFZZWwMLZo="} 00423{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687177,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo9upAAOcGqRc0XuiGrBAq2AG7smyRBTVdVCNYdVAQf\/gU7AAAAAAAAAAA"} 00534{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687209,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB99uxAAOcGqMA0XuiGrBAq2AG7smyRBTVdVCNYdVAYf\/iJZgAAFgMBAEoCAABGAwFY3n0sVJwAfa+qP+pSlcjK0QgKsfteydM32nitjujcFSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 
1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00490{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687243,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd9vNAAOcGqNk0XuiGrBAq2AG7smyRBTWyVCNYdVAYf\/gbZAAAFgMBADA31L1CpuSX9tvoBVAXj3uLQtt2VG0MIpbTs\/buU9YZgPAOSIfvD1zRD+pCLCOtz2U="} 
00534{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687345,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9LZ9AAOcGcg40XuiGrBAq2AG7sm+mtiDvi1jsllAYf\/i0FAAAFgMBAEoCAABGAwFY3n0sREHukAACBv+MMlmfhll64s8dZ38b+V21ucVGlyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00489{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687474,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdLaVAAOcGcig0XuiGrBAq2AG7sm+mtiFEi1jsllAYf\/i3vwAAFgMBADCHc5j7nnRvQUlwwt7OEPWVsuRdvVFekiQ9SdJ8bXwjg8Akhsvu1Z2MXY6j060G5Yc="} 00423{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687923,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAov01AAOcG4LQ0XuiGrBAq2AG7sm67yvGc9I48klAQf\/ipXAAAAAAAAAAA"} 00534{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687978,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9v1RAAOcG4Fg0XuiGrBAq2AG7sm67yvGc9I48klAYf\/hhGwAAFgMBAEoCAABGAwFY3n0s7cPTzU4hNB9icb7jbExZLZvgvDr5J+5XL+M+HiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00414{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":690858,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07xAAEAGc0asECrYNF7ohrJtAbvCg5z7D9ZxY1AQAVclzwAA"} 00414{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":691135,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo071AAEAGc0WsECrYNF7ohrJtAbvCg5z7D9ZxmFAQAVclmgAA"} 00497{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":691266,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABj075AAEAGcwmsECrYNF7ohrJtAbvCg5z7D9ZxmFAYAVfKLQAAFAMBAAEBFgMBADDUJkMOPMfhB4anjuCQG2H2kK8Z2iKH2qchiPRHNBXVdsy\/2Or2nf4s8tk0u80fjyA="} 
@@ -545,7 +545,7 @@ 00738{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":789894,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdetAAEAG0CisECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} 00423{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":847559,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoR8pAAOcGWDg0XuiGrBAq2AG7snCFN7lxm9gmiVAQf\/iG2AAAAAAAAAAA"} 00535{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":847694,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9R8xAAOcGV+E0XuiGrBAq2AG7snCFN7lxm9gmiVAYf\/i2zwAAFgMBAEoCAABGAwFY3n0uDRrjb7Rl5ESNrS8pG4ecfknI5kybUgs\/rB4e7SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00491{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":849119,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdR\/lAAOcGV9Q0XuiGrBAq2AG7snCFN7nGm9gmiVAYf\/gZFQAAFgMBADANfMyy4KIo6icdo8GNdDAB+esaUQk8GNHXpAT7M+S\/GBPSyuHnlnjn6sgfLR3UVTI="} 00414{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":849760,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodexAAEAG0RasECrYNF7ohrJwAbub2CaJhTe5xlAQAVcFJQAA"} 00415{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":850039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAode1AAEAG0RWsECrYNF7ohrJwAbub2CaJhTe5+1AQAVcE8AAA"} 
@@ -587,7 +587,7 @@ 00485{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":170645,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbzElAAEAGR8KsECrYNu8YuoTyAbvILJ34BpMSbVAYAVvjlwAAFAMDAAEBFgMDACgAAAAAAAAAAKkrW6jYA92r8fgxBOnEadGYlxCo1\/QzhHlmwLBya6jy"} 01455{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":193531,"pkt_caplen":820,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":820,"pkt_l4_len":786,"pkt":"AMDKkaPvePiC0\/vCCABFAAMmzEpAAEAGRPasECrYNu8YuoTyAbvILJ4rBpMSbVAYAVvMLAAAFwMDAvkAAAAAAAAAAQGiim6vqRb1hZSmxgRWrcKu1i5RuXpIX86FMLd0DChNPKyb2eEUo6v8LHWIpYn7Lr+3KF6Nra3fNXPAXtVfBF2zjNSQaJz\/FH1wJcF4o6kMr7KZYg0BmGTepnR0hUuh5dZCkwx49nisEt1zDQO2cEMJZd2TbULnt0scCphOIHjiGBWMMQFd\/E1ykFVXCqDudeCdh6V1AkVaVyQ+uv98smhSMh1ov79FopkEdF+nUj4KiQKnbXwM7\/Z4YvPJCIkZFdBakTmLpX\/dMYz\/yFRf3D5IFOjrfVuKrXrqdoDFqVDaBopxanBjidWtoYubkKyO2wqm3hBB3B7DEiC8xwomCU+qrq8WFxsV22leKl4jIoq60wrLgGJN\/fK1Mt76M2EN4Qb6\/piyem1+n1MWQm2ndmZVZPPz8vcADa+snxoEXZSMYaq4h66edSMn+GbArPLEqOacwQAsQqdkYz08NuMzrrX47XJfS3r5f4qxikj9V2e9EoZY6gNpUf5ohjKcMvkzpm5COyWu+IA2XaJ9gPIjKnd3EFOcbAerbAmkDws\/o+2LxO+FtwkmHXugiHcC9Is\/36M0wFhMx8FmDW\/nUTnrOVr0w5F6Ctp47Lkj1C5\/PRY4L4TTleBc4ZlshROVke7JgZ0hcojuHzsvNxl3u7xlhf92IGS0ZR+MudncMNcJgDO9gA\/IN\/ROBhZxg2yjxdsJMOa0Op+iVqyLMLevMFocPAUU3gaC+RON8kgijNexdslcC+sA5SDelwgpNGNlf2Rm+89YWRW3T93x7xfb5xMRFL1y5e827yzKtV0XeMYSb03ynoZkaC0hfBZrFH1lMuECmBh4TIsFfcLTxm66wI+iItNp5W243XFHvfM0VLWpwyteh4kUrXBWmPf7cLE7UBMoGQky2NJPbyBxcg34Ryr5GYyWFzg4OGUoBc9hM8WbmxOJGkg0UAy9eCfYasR2wTy51BugAtq3mD6Wnk2Fp2XWdT16xPtTvXJKfS3MZa5lVxkG9A=="} 
00534{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217627,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9T+pAAOcGT8M0XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/jAygAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00489{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217806,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdUAVAAOcGT8g0XuiGrBAq2AG7snPq5wG+kYQUI1AYf\/hlPgAAFgMBADAFstU4O48FFKnsq96DRhn6BmvmDlkeJmD4BEWUoY6SO6YVcyL6Vtc8D2agPyfeZgM="} 00602{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217855,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"ePiC0\/vCAMDKkVoBCABFAACyT+pAAOcGT440XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/ipBQAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABARYDAQAwBbLVODuPBRSp7Kveg0YZ+gZr5g5ZHiZg+ARFlKGOkjumFXMi+lbXPA9moD8n3mYD"} 00414{"flow_id":54,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":218621,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4lAAEAGA3qsECrYNF7ohrJzAbuRhBQj6ucBvlAQAVd0NAAA"} 
@@ -674,7 +674,7 @@ 00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00423{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168161,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAopJ1AAOcG+2Q0XuiGrBAq2AG7snc6VHcqQzV9JVAQf\/gWAwAAAAAAAAAA"} 00534{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168300,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9pJ9AAOcG+w00XuiGrBAq2AG7snc6VHcqQzV9JVAYf\/iO8gAAFgMBAEoCAABGAwFY3n02pkfhRwxBuUracjcXGcG8ABcBgmQTmuIOOTaqxiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00491{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168397,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdpKxAAOcG+yA0XuiGrBAq2AG7snc6VHd\/QzV9JVAYf\/gC9QAAFgMBADBYgJOSAG3KoN5t3OUr36PqwqfhVZjAlZL1ZW1YvCcO85\/UenkepVu7W6vQ7zsoOfE="} 00414{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":169775,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1VAAEAGF66sECrYNF7ohrJ3AbtDNX0lOlR3f1AQAVeUTwAA"} 00414{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":170745,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1ZAAEAGF62sECrYNF7ohrJ3AbtDNX0lOlR3tFAQAVeUGgAA"} 
@@ -696,7 +696,7 @@ 00737{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":32132,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqupAAEAGmymsECrYNF7ohrJ4AbvwDv4ddXds+FAYAVeo8gAAFgMBAOoBAADmAwMoaRx1UdIM893OKMmXrcWPDPO7AujafDygNOivm9PC5iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} 00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00534{"flow_id":60,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":82623,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+TBAAOcGpnw0XuiGrBAq2AG7snh1d2z48A7\/DFAYf\/grMQAAFgMBAEoCAABGAwFY3n06YnWpXQ3KkZkNmnBbnjScZILp4v2nCTgeJCnodCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00489{"flow_id":60,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":82765,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd+TNAAOcGppk0XuiGrBAq2AG7snh1d21N8A7\/DFAYf\/jnbAAAFgMBADB2ISI7ic+YHEik9OHUqENQACfM8Us2ZYbtF3T4R9O9hQhS2mrApgCURbQdUSxBJUI="} 00413{"flow_id":60,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":83814,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqutAAEAGnBesECrYNF7ohrJ4AbvwDv8MdXdtTVAQAVc0nAAA"} 00413{"flow_id":60,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":84094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoquxAAEAGnBasECrYNF7ohrJ4AbvwDv8MdXdtglAQAVc0ZwAA"} 
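Review bot: The new expected `detection-update` record for flow 60 (packet 806) reports `"version":"TLSv1.2"` and drops `"7":"Obsolete TLS version (< 1.1)"`, but the server-to-client packet-flow record directly above it carries a handshake starting `FgMBAEoCAABGAwFY`, which decodes to a ServerHello with version bytes 03 01, i.e. TLS 1.0. If that reading is right, the pinned nDPI commit appears to report the version offered in the ClientHello rather than the one the server selected, and this golden file would lock in a missed obsolete-TLS finding as the expected result. The same change appears in the hunks at -826, -844, -859, -867 and -875, and in the one that ends just before this hunk. I would confirm the upstream behaviour before accepting the regenerated output; if it is a regression, keep `"version":"TLSv1"` and risk 7 in these records, or record the known deviation in the commit message so the test does not silently bless it.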
@@ -826,7 +826,7 @@ 02382{"flow_id":69,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432100,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd1AAOcGLHE0XuiGrBAq2AG7sn5peFknyPjBslAYf\/lsuQAAFgMBDLwCAABGAwFY3n1HWF0PVS6Hh\/OB54ewWN7EQ\/JAGtKcxvduR4tcQiB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} 02382{"flow_id":69,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432413,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd9AAOcGLG80XuiGrBAq2AG7sn5peF7byPjBslAYf\/lniwAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUl
s2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 00886{"flow_id":69,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432488,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBbeFAAOcGMMg0XuiGrBAq2AG7sn5peGSPyPjBslAYf\/m88wAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} 
-01460{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01427{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS 
cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00414{"flow_id":72,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":433534,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} 00414{"flow_id":69,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":433800,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomstAAEAGrDesECrYNF7ohrJ+AbvI+MGyaXhe21AQAWKzbAAA"} 
00414{"flow_id":69,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":434031,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomsxAAEAGrDasECrYNF7ohrJ+AbvI+MGyaXhkj1AQAW2trQAA"} 
@@ -844,7 +844,7 @@ 00738{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":441294,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzlAAEAGxtqsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} 00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00536{"flow_id":68,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":444188,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SDRAAOcGV3k0XuiGrBAq2AG7sn0V5Ch\/kScyQVAYf\/iw2AAAFgMBAEoCAABGAwFY3n1HoIqu4iz1t6q3Aw\/d1XGda8i7JbQ0V4SKKTuKVyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00414{"flow_id":68,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":445213,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3xAAEAG24asECrYNF7ohrJ9AbuRJzJBFeQo1FAQAVcEVwAA"} 00489{"flow_id":68,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":445973,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSJRAAOcGVzk0XuiGrBAq2AG7sn0V5CjUkScyQVAYf\/j50gAAFgMBADBk9BasL9AE3pWKtlUjlgloy1YCNYsbYZdDrY7qJVR6QnHqM5QQ0PVDvzOM8Oobatc="} 00414{"flow_id":68,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":446909,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa31AAEAG24WsECrYNF7ohrJ9AbuRJzJBFeQpCVAQAVcEIgAA"} 
@@ -859,7 +859,7 @@ 00625{"flow_id":68,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":458411,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"AMDKkaPvePiC0\/vCCABFAAC+a4BAAEAG2uysECrYNF7ohrJ9AbuRJzgwFeQpCVAYAVeBxgAA7XzbTfJPCljtPACuxNf910BkKL0BTjK7gsTdQXLRQd3P2iXVx\/zmjFcZIq4k7g08AHhc93Jk3CR+2dz3mTa4E7lk\/aTPA6sgqrE\/Co\/NrrNIKy+oHzLw1hkYlAO9G5J1l\/Dht+MWeLUHkZxUhK8Nh5lTFRXMd7XDp\/j2lVe46PpVFUhtc8XHH7BTzYTSxiXPqf6xOQcn"} 00424{"flow_id":72,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486392,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAodjdAAOcGKcs0XuiGrBAq2AG7soCzlhpEnkFyDVAQf\/ipqQAAAAAAAAAA"} 00535{"flow_id":72,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486531,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9djlAAOcGKXQ0XuiGrBAq2AG7soCzlhpEnkFyDVAYf\/gwpAAAFgMBAEoCAABGAwFY3n1HZlzaG39Wabnrdmi+ugu5LTH2Z63hbn1vRZ5tPCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00491{"flow_id":72,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486596,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABddjxAAOcGKZE0XuiGrBAq2AG7soCzlhqZnkFyDVAYf\/jtQAAAFgMBADAFZSWByLsoLy1\/csajsfivnhztXAs4zq7uoYJQMDQFipkxBSRUH6BUVLRAhMv2evI="} 00415{"flow_id":72,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":487416,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzJAAEAGG9GsECrYNF7ohrKAAbueQXINs5YamVAQAVcn9gAA"} 00415{"flow_id":72,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":488163,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzNAAEAGG9CsECrYNF7ohrKAAbueQXINs5YazlAQAVcnwQAA"} 
@@ -867,7 +867,7 @@ 00425{"flow_id":69,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":489150,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocaBAAOcGLmI0XuiGrBAq2AG7sn5peGXoyPjC+FAQf\/QshwAAAAAAAAAA"} 00499{"flow_id":69,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":494162,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjccxAAOcGLfs0XuiGrBAq2AG7sn5peGXoyPjC+FAYf\/RwBQAAFAMBAAEBFgMBADBWGYFWbKhfozhvbfgdlDYFXwWJ5cfzoS2E+uV5UjntiBSNIykATpYl+72N9zISE24="} 00536{"flow_id":71,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":501486,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9TDxAAOcGU3E0XuiGrBAq2AG7sn8uyCJ9obvP2FAYf\/gL4QAAFgMBAEoCAABGAwFY3n1H4DyL9g\/1O6DL9RnLeqLLg8udYmp+nrKe5HWJKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": 
{"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00490{"flow_id":71,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":501624,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdTD5AAOcGU480XuiGrBAq2AG7sn8uyCLSobvP2FAYf\/gBcQAAFgMBADCwRun2EbMj42BvmYCZAbeOlpUhb8bhBcgyWdgABb0A86poQz9hHLJnBv5bFoOHXac="} 
00417{"flow_id":71,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":502564,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMlAAEAGsjmsECrYNF7ohrJ\/Abuhu8\/YLsgi0lAQAVdDRwAA"} 00417{"flow_id":71,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":504428,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMpAAEAGsjisECrYNF7ohrJ\/Abuhu8\/YLsgjB1AQAVdDEgAA"} 
@@ -875,7 +875,7 @@ 02381{"flow_id":74,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":511769,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve1AAOcG3GA0XuiGrBAq2AG76TIsDp+zTuXdLVAYf\/kF2gAAFgMBDLwCAABGAwFY3n1HSu1ZxzDw\/auCivD7kMpHzquqECpdXSsk4uYbkCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\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"} 
02383{"flow_id":74,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512358,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve9AAOcG3F40XuiGrBAq2AG76TIsDqVnTuXdLVAYf\/mGTQAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00887{"flow_id":74,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512431,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBvfFAAOcG4Lc0XuiGrBAq2AG76TIsDqsbTuXdLVAYf\/nbtQAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01498{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_tot_l4_data_len":3627,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01465{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_tot_l4_data_len":3627,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 02395{"flow_id":72,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512612,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcKzVAAEAGFhqsECrYNF7ohrKAAbueQXJIs5YazlAQAVesjgAAFwMBACA1ItWOhLbsfIMywResWguv6Fwtz0Hp8xzG+xr\/uHTu1xcDAQXwKayzJaPXCA9rVHei6HHIjKLFFPjTlmK2QYga+up3rKSiQhu+VWY49bOw3S\/VgE4d1kxFLpb1z5eR+AZD75MuuacTPbABIwUqP0tJbyMxPgMOIBYetu+sSEG2m4KJVzBvEfBK4XaFHFbAlqSgc+QFmfYymH7kDc7NdLFnVYNqJgPhKsee36dAZSlq3L6GLiJobYNZ4Lkw6GTpSoDukeS1\/ibUFMfHNVxDvPVTsX+pSPB\/ij1X5xj7et2dQ7Q3fupvLf7k395s\/hwpg77cJAAmh3cYWCQS09d0e2M0i6NsPu518OGzJsqIysVUiupo5zZFDQEL1dwFxpw1r5GszQqiNbCInHP+OLQzk8PHcB4ruVmDutKDLdD3tjPLM2SpMjOvhXQgnJz5b6\/9rKTBUUaQxkhYoMrTtDu9JzIzG4FZs3aWsq4mCgZxbISQrLVjk5+a03MTaRSDjkdC2Mu3TfTybgtbTRXBNagXer1uidHze9SXkNgPB\/bVnhRYC5NEDWsZ\/4DG2zEXsmWN6fWvGI4oeyLOiIo9R3xS5LFRbASkV0a9C\/9C2873EoLz2tEubVWvABpBP04f3pV0FllAa4MbCau34t4nKAr4jGeqSEVhcWHam3p68wcK5iGxbm\/MNE51MDmdtSWCwF1tCcqoGvhpr\/nWznjHdnK9\/TfvebIuqwvPkkOFE\/o9MVTaqORDyoJ
HDVPRnWd8v5pqbK6OUz19UnmPTRYTfOFUmmFighAm3nes+t196gCbsmDuiXuPo8aDukv1rYWgFMCu5O5QzGV9E1hlyBJhiRaBnj3Y5suu0+PACtGDMqt94DuW\/kotF49zn9uYDcRGgivALv8D8iIyngz1e77k+lQQp5roJZYmU7qdQjg2gTawe+gLYZDy4kFG80hKf6ylL8pfz0DTDTTYiFTZIOytaSNpkFoUaxOh0h8K9Hs8zs87dHQRh0z7PggUFFTwRjuO6GFTb+oY1uT5nVfU8hpwdQY4KRQYwwQa5KBp7Yjxz0gj3K5lOZK5BP+JNeevkMTaTTboH\/ncv+fjCIQ+dpyWQzBBAmJny5wz\/u2sBQ\/YehOi10FAfl7KBA7dOyRgeAlj2lhTKUapMeXGF6FcTKa+QQad3LhDE7EXHnDOyjst7Q4WdigaummWRS5JUfzguqEntw36no6ZrNJDibU3FVvd1E7gY4uQzUvHRWS2d4hO9DqZoTU5\/CW+fKIHd892Hs\/0rbP4hpNZXC\/amq39AL26nM0VFHS2RyI3N5jA8zNYBM9qvgfcA4Iway9lKaF0zyXz8p1yPNbN5rrv88ZIkmrpdpklZMEWpXEhQMMNjKvmQuxoDE++6JYZvOxTAHRbjLsm5sKaASAKBBz1+lRrbHyaP2Nr24QRPpdpSNizC2xrHKEr+FbPPrdQZ6XRqMOOHjBFyRO6fLcFHR7uX3EuMd6ulDWzgqFKoAF87FGs+tBMqygAnb8t61k5HbSh2Nz+5lu7gf16ss\/2o7Y\/fRMlBpOtGd7\/WFsSjdvhrLjQJANrLjSZuI0dpHFJVMwGd5Ye1z5F6dGMn0CkhBtEz8n88Bzc5\/u8N3uXpnMk4tj2JI+sl49xuIcSzUD2+SH1TzbUXgdhvDizm662Aa9Ler7JwQMid8Y5jmAR6gHn2zaiuppMaqAezCWHLwB7oz9rvIuJk6UNbHDQ9SneN1lz80arz5mHo2n7vGE3EQ8QuEO8sl64q7G4EJSxGk5i92SbM4JneMyX6wRpQP5wJ+zmr+5lvVJaJqh2IQenn7O0OXcqNvJKnLBTmoOmfWxQVyWpAsawIhRVuH6Ddt5C60\/PztU8hLV4dHrc3N4Ho09Ot9Nb5lK5l1fkvTilhxlZAaLJMAnAMeopcmIu9XRiPZ3zUzBLpNul7CxS1Yw="} 00556{"flow_id":72,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512894,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"AMDKkaPvePiC0\/vCCABFAACOKzZAAEAGG2esECrYNF7ohrKAAbueQXf8s5YazlAYAVerUAAA1hJWn5K9HkA5GaL8aM62erG6py7j6o3KWQJagZ1eEWONAmFvx9zGif3UeOMt3plh7vtPhBPNAW8uG0UGhVdOxy4RfWyVGqyzsC+9IGrt6ZHBjn04Egmuc9XXNPbkP5Oa8Hk\/NLmc"} 
00499{"flow_id":71,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":513034,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjlMtAAEAGsfysECrYNF7ohrJ\/Abuhu8\/YLsgjB1AYAVf5iQAAFAMBAAEBFgMBADAB7XXixEKXZx9fUSjs4B0EgdAiHDJakuL8sQpJYQbh2fJipuEIESpKffh+zLMRwYo="} 
@@ -908,7 +908,7 @@ 00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00424{"flow_id":74,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":672894,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAox49AAOcG2HI0XuiGrBAq2AG76TIsDqyvTuXi3VAQf+NGtQAAAAAAAAAA"} 00535{"flow_id":75,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":700208,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9hPJAAOcGGrs0XuiGrBAq2AG7soJWhIA3Bx5GkFAYf\/jJCAAAFgMBAEoCAABGAwFY3n1H7tprYGnn77iiblUs3pVsX7OsznnNQ5TSj9yK7yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00490{"flow_id":75,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":700348,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdhPlAAOcGGtQ0XuiGrBAq2AG7soJWhICMBx5GkFAYf\/hrxAAAFgMBADBggpjqg00ss3rdzoekLdoL0PT1y3WvcQwna1zchUAionSGNDMnhNpfXSpqU9zWdAo="} 00415{"flow_id":75,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":701627,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+lAAEAGJxqsECrYNF7ohrKCAbsHHkaQVoSAjFAQAVfhswAA"} 00415{"flow_id":75,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":701922,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+pAAEAGJxmsECrYNF7ohrKCAbsHHkaQVoSAwVAQAVfhfgAA"} 
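Review bot: The regenerated expectation for the detection-update at packet_id 1063 drops `"7":"Obsolete TLS version (< 1.1)"` and now reports `"version":"TLSv1.2"`, but the packet-flow context line directly above it (same packet_id, payload `…FgMBAEoCAABGAwFY…`) appears to decode to a ServerHello carrying version 0x0301, i.e. TLS 1.0. If that reading is right, the new baseline records the client-offered version instead of the negotiated one, and the suite will from now on accept a missed obsolete-TLS risk as correct. The same substitution repeats in the hunks at `@@ -918,7`, `@@ -1032,12`, `@@ -1057,7`, `@@ -1108,11` and `@@ -1157,12`. Before these outputs become the reference, confirm against the pinned nDPI commit that the change is intended; otherwise keep `"version":"TLSv1"` together with risk 7 in these records.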
@@ -918,7 +918,7 @@ 00739{"flow_id":73,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":739996,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzpAAEAGxtmsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} 00425{"flow_id":75,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":764043,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiXJAAOcGFpA0XuiGrBAq2AG7soJWhIDBBx5Gy1AQf\/diowAAAAAAAAAA"} 00535{"flow_id":73,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":803717,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SlBAAOcGVV00XuiGrBAq2AG7soEpho4aflMl9VAYf\/gclQAAFgMBAEoCAABGAwFY3n1HHbnxbLsDLLoNcR255BOdgpz59QMm4sIttZcWoCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00490{"flow_id":73,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":803855,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSlJAAOcGVXs0XuiGrBAq2AG7soEpho5vflMl9VAYf\/jl4gAAFgMBADCzIi9vBBXuYwKUIiMvYHZXvDconsMjgvxRIJVCQutlwnHiInG5YyCGffU68ceIKNE="} 00415{"flow_id":73,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":804828,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofztAAEAGx8esECrYNF7ohrKBAbt+UyX1KYaOb1AQAVeqNQAA"} 00415{"flow_id":73,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":805155,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzxAAEAGx8asECrYNF7ohrKBAbt+UyX1KYaOpFAQAVeqAAAA"} 
@@ -1032,12 +1032,12 @@ 00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00424{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":978559,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} 00536{"flow_id":81,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218051,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9HHlAAOcGgzQ0XuiGrBAq2AG7sofzK0GhaXd8+1AYf\/gWvgAAFgMBAEoCAABGAwFY3n1WmU2DpWAHVrvTcVkefcqPXG\/VUu7kD2bqD9s6GyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00490{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218236,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdHI5AAOcGgz80XuiGrBAq2AG7sofzK0H2aXd8+1AYf\/iZYQAAFgMBADBumwbswz78F38KYUA1LReV72sE4fP2hoAfRqbMRoILN4Gitrad3ELxUnZammcSf8U="} 00428{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218291,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} 00428{"flow_id":85,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218325,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} 00537{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218384,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9fsNAAOcGIOo0XuiGrBAq2AG7sojjQR2WxkD3OVAYf\/it4AAAFgMBAEoCAABGAwFY3n1WO78rfAE+1qPfnKCZXIna9VF+PCVlge\/Xf2\/VpyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00490{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218416,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdfsdAAOcGIQY0XuiGrBAq2AG7sojjQR3rxkD3OVAYf\/hsXAAAFgMBADAU6xBGcB9xOb6V3MKpQJBHV2d3SRfKZoqC73gwWwdhkCQFO0MhyvP7PGydhK0Rqtw="} 00415{"flow_id":81,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":219366,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8tAAEAGIzisECrYNF7ohrKHAbtpd3z78ytB9lAQAVfq2AAA"} 00415{"flow_id":81,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":219650,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8xAAEAGIzesECrYNF7ohrKHAbtpd3z78ytCK1AQAVfqowAA"} 
@@ -1057,7 +1057,7 @@ 00424{"flow_id":81,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648216,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGBtAAOcGh+c0XuiGrBAq2AG7sofzK0IraXeC6lAQf+BmKwAAAAAAAAAA"} 00425{"flow_id":82,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648239,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoeUJAAOcGJsA0XuiGrBAq2AG7sojjQR4gxkD3dFAQf\/fItAAAAAAAAAAA"} 00536{"flow_id":83,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648262,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SB9AAOcGV440XuiGrBAq2AG7soktOgAk+XDNplAYf\/gBdQAAFgMBAEoCAABGAwFY3n1W5OOWJNfC\/vUq2mNwZtKQmiBffDQIpiP84nPzOiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS 
cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00490{"flow_id":83,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648287,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSCJAAOcGV6s0XuiGrBAq2AG7soktOgB5+XDNplAYf\/gj4AAAFgMBADB3Tw1XVAuvmIcZBBsRqEr04YWcg2pwJ+22+vesqZrU91kZzVtkEQdmZMtZUaiTOM4="} 
00424{"flow_id":82,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":649230,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoeiZAAOcGJdw0XuiGrBAq2AG7sojjQR4gxkD93lAQf93CZAAAAAAAAAAA"} 01189{"flow_id":82,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":649588,"pkt_caplen":619,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":619,"pkt_l4_len":585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJde7FAAOcGIhw0XuiGrBAq2AG7sojjQR4gxkD93lAY\/bBVzQAAFwMBAjCqeWI8zN6yfHeNSLuqPghbU4a\/M+CJZqxNxNtF0mhEXG34bJhYJZaPwJjh69HiRzexfolVtKkBl5l4TMXVjTXm9ZS961bwSXAu1yf5GvpAz6DfSa1uA5xIPOFDAdq7UXv1KLidpyq3P9HYnVpd1paI3Ih\/GdzmD19o7ZT48Ne64cxrXVuWMG2+KDG2etHyuy4xYaPVZjC12N\/7psc6p0IsRat4Osb4ZYh2phLPtJGxF+ZU2BzTxttichMPj6\/IGL4yoI1vjCtpUZnQlCh4RMfaOXVWRG4uBWcw8PWpb5q8InMILwb0088o3ep7OldpUsgwa9MLiWA9xiHeVECcmx1pFek818F9q\/91nDE6lMGcRQ7m4Ivb40JYIUkZBUpIxv3qwxSbBfim0HwfdLmklctHmzsw3kPug9X4zwmvq\/RjK7xc+RaA1pIK2ArsCmB48zmG3DVzxSOCA60nD0uO5y4sRq88dF2odMcK2nlzywUodEmipJrxXgIotyBKL3W1VJVbuQ7IUkwqNOb0HQI4v\/bJsQBRs8w0wnnq+1MWbk\/bVK47MxQwpnm\/YSG5BgP+BM4Ibpqkv\/dnq210Dm5UB8ggwYbGyT4MLGGCopK3OJu4aFFl91ly5f4mSR3P7vnpLJyBVtA2+HDZIMT13d4oWoVXjJ2+kPIdplrPNdYxU9YnUNpsB0pKfIfZUwbKrabtB6N\/iadnJaD24\/yZe7JMVU\/DTLqYS4G6crqe38sXYL3UNg=="} 
@@ -1108,11 +1108,11 @@ 00738{"flow_id":88,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":16140,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF5AAEAGEbasECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="} 00423{"flow_id":88,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37623,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo4RtAAOcGvuY0XuiGrBAq2AG7so5AYHD6hKZVpFAQf\/j8HwAAAAAAAAAA"} 00534{"flow_id":88,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37761,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB94R1AAOcGvo80XuiGrBAq2AG7so5AYHD6hKZVpFAYf\/hPBgAAFgMBAEoCAABGAwFY3n1ZkgSfZxpUVsjukL3QGrN+GftTic3QmVujVubAeSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00489{"flow_id":88,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37804,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd4SBAAOcGvqw0XuiGrBAq2AG7so5AYHFPhKZVpFAYf\/iKdwAAFgMBADBXbXWv9x8yogHMZKeomD9A3X3jhBGhFOe49dACaecBIRmNbQNQ40Kg6WMt6HISTwA="} 00424{"flow_id":87,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37840,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoexpAAOcGJOg0XuiGrBAq2AG7so2w2ze\/vRy3sFAQf\/gqXgAAAAAAAAAA"} 00537{"flow_id":87,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37872,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ex1AAOcGJJA0XuiGrBAq2AG7so2w2ze\/vRy3sFAYf\/h6IgAAFgMBAEoCAABGAwFY3n1Zaj55sS+EvodLnj8hxDSUiAwyyX\/BEsibV0fx7yB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 
1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00489{"flow_id":87,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37931,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdeyBAAOcGJK00XuiGrBAq2AG7so2w2zgUvRy3sFAYf\/hhmwAAFgMBADAbRVoyWiOBYOT3tZ1jA+7dCzYcrialI08fyQ25bUqqMrZSfP1nFclwrDaYAGhuKLs="} 
00427{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":38134,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} 00428{"flow_id":89,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":38242,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} 
@@ -1157,12 +1157,12 @@ 00415{"flow_id":91,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":284091,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmJAAEAGRKGsECrYNF7ohsHbAFAaMGN7Nq6xqlAQAVeSgAAA"} 00415{"flow_id":91,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":294432,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmNAAEAGRKCsECrYNF7ohsHbAFAaMGN7Nq6xqlARAVeSfwAA"} 00536{"flow_id":93,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313083,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9oyNAAOcG\/Ik0XuiGrBAq2AG7spNBzzb40hcuwFAYf\/gzBgAAFgMBAEoCAABGAwFY3n1aF6lPPNih6vU2L516RRA2PNaAuJQVoSG0DdNj8SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS 
cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00492{"flow_id":93,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313127,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdoytAAOcG\/KE0XuiGrBAq2AG7spNBzzdN0hcuwFAYf\/jUMQAAFgMBADA0x1J7d28auzJxT4u1gKAxdUtWHUew0ZE\/2kS5Yg5wnR4VIrBhZAM9ViqPAHjPKYs="} 
00535{"flow_id":90,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313160,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+spAAOcGpOI0XuiGrBAq2AG7spCu8tJnAyB2TVAYf\/h1PwAAFgMBAEoCAABGAwFY3n1a2HUEHb8l+gdOfm0Wpe53BCEMctORC57U0hROwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":540,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":540,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00536{"flow_id":92,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313192,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9gXVAAOcGHjg0XuiGrBAq2AG7spKfnILWmm2\/qlAYf\/graAAAFgMBAEoCAABGAwFY3n1ai4AZfffdz5bHBi2EULPj6iyOuJD7kDTLpt0SsyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00424{"flow_id":87,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313223,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAogXlAAOcGHok0XuiGrBAq2AG7so2w2zhJvRy6pVAQf+wm6wAAAAAAAAAA"} 00490{"flow_id":90,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313255,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd+tBAAOcGpPw0XuiGrBAq2AG7spCu8tK8AyB2TVAYf\/ihaAAAFgMBADDHfuUUhfI1VeevQcG7Dtps2YOp0PzTwPXBH9I11FOaaptlvKvSxGvagTHcLnkxJmc="} 
00491{"flow_id":92,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313290,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdgXtAAOcGHlI0XuiGrBAq2AG7spKfnIMrmm2\/qlAYf\/gFiAAAFgMBADDdEn3FnYpyhAP6tAWBSGDR3e8YizyMcWbhCxETNYkJSRnD2z4Ks3QnAjsWHd6G06I="} 
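Review bot: The regenerated `detection-update` events for flows 93, 90 and 92 now expect `"version":"TLSv1.2"` and drop flow risk `"7":"Obsolete TLS version (< 1.1)"`, but the captured ServerHello in the context line just above the first of them (packet_id 1343, payload starting `FgMBAEoCAABGAwFY`, i.e. bytes 16 03 01 00 4a 02 00 00 46 03 01) selects version 0x0301, which is TLS 1.0. The value 0x0303 shows up only in the ClientHello (visible for flow 89, packet_id 1585, in the next hunk), so the new expectation appears to record the version the client offered rather than the one negotiated. If so, a real legacy-TLS finding disappears for anyone alerting on `flow_risk`. I would check this against the pinned nDPI commit before accepting the results; if it is not intended, these lines should keep `"version":"TLSv1"` and `"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"}`. The same substitution recurs in the other alexa-app.pcapng.out hunks on this page, including the flow 89 event in the next hunk.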
@@ -1279,7 +1279,7 @@ 00424{"flow_id":92,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976098,"pkt_ts_usec":838042,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiNpAAOcGFyg0XuiGrBAq2AG7spKfnINgmm3FmVAQf+AE1QAAAAAAAAAA"} 00739{"flow_id":89,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":220208,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXPT9AAEAGCNWsECrYNF7ohrKPAbuIDFw1wRUUulAYAVfLTAAAFgMBAOoBAADmAwPjfQc08nicJlIWvpWTsnguVDAWVUUtWHA8jlVxZgUfkiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYOjoAAQA="} 00538{"flow_id":89,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":286339,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9dQ5AAOcGKp80XuiGrBAq2AG7so\/BFRS6iAxdJFAYf\/g3GQAAFgMBAEoCAABGAwFY3n1j3jcPsMcAIdiIuSLM88\/OFSZtrCeaXYUsGhLw9iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00855{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_tot_l4_data_len":1058,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_tot_l4_data_len":1058,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00492{"flow_id":89,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":286477,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABddRBAAOcGKr00XuiGrBAq2AG7so\/BFRUPiAxdJFAYf\/h2aQAAFgMBADCdGcwOIl710sxEJNcOJTZXD3j+sWleBy0Peiv+xTQTfEXF8gc2Rm1CibUI7TEm3B8="} 00416{"flow_id":89,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":287456,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoPUBAAEAGCcOsECrYNF7ohrKPAbuIDF0kwRUVD1AQAVdLEAAA"} 00416{"flow_id":89,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":287756,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoPUFAAEAGCcKsECrYNF7ohrKPAbuIDF0kwRUVRFAQAVdK2wAA"} 
@@ -1379,19 +1379,19 @@ 00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 02385{"flow_id":106,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":577729,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXctZBAAOcGrLY27x39rBAq2AG7n5aOPa1sI6CFn1AYf\/lqiQAAFgMBCoICAABGAwFY3n1rOIW7oNSRBaCm8PAUHRKCqVhTjWcV2wM8OxfDZCDjl57+rOdpHXFgnzLflMNz4qaHfY\/vFo0YS4Pak7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5s
Gz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} 
02084{"flow_id":106,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":577887,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7tZJAAOcGrZU27x39rBAq2AG7n5aOPbMgI6CFn1AYf\/kOBQAAdXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jB
SZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="} -01181{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 00417{"flow_id":106,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":580608,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7I5AAEAGIm2sECrYNu8d\/Z+WAbsjoIWfjj2zIFAQAWL2rgAA"} 00417{"flow_id":106,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":580911,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7I9AAEAGImysECrYNu8d\/Z+WAbsjoIWfjj2381AQAW3x0AAA"} 
00862{"flow_id":106,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":582777,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFu7JBAAEAGISWsECrYNu8d\/Z+WAbsjoIWfjj2381AYAW2XcwAAFgMBAQYQAAECAQBgoQADUI8019hRClpG8zqavggjSqMJh7eOjSLDTeMMyPvb9gR2fCggHaiZWDb+8wp2t1P0M5XFtoxDe85MN4jDf17P1MiAf9d6Xah\/LPbfMQAHcSE2qLFNz1gGoY\/fXDToKxM9QOmhoV4M5qYgmQKtyBsuJShKB1nJIxbjcjq2XTpTF8pFEC5B\/4p5JqQl\/hR8Ta+DfaT\/79nuUXnsk1M7g5uzcd6iKOM+dwf5+QPZYdHJeizij6VY4Ov66AHOLj7UOzcq0VFClVCC4Sci2dFLTKBFHdJBbZfFrWLN7TSHsiOi7z43rRsZ0mF5vrh1eGZpXPTvv\/+2RwXIkLw9eqFJFAMBAAEBFgMBADCVQH9tHiBs52blypWy+sd+wRGDedbbtpVn3c+iTkU5SozGomy8Ul3dMW4VPX+6gUQ="} 00416{"flow_id":101,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":604245,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoEglAAEAGAjasECrYNu8YuoUZAbtS0XeSdXvoNlARAVfZAAAA"} 
02384{"flow_id":105,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":622009,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXceiNAAOcG6CM27x39rBAq2AG7n5UJgL2alioN7FAYf\/kCtwAAFgMBCoICAABGAwFY3n1rpjCd4gua8GAnC04JFSskbFWWAA6z2HQGVr9B9iDAfW4EfsMQSa+tstNwiZkUQ2AHrzt9OdfZI4dRl7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZ
Idtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} 02084{"flow_id":105,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":622246,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7eiVAAOcG6QI27x39rBAq2AG7n5UJgMNOlioN7FAYf\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="} 
-01181{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} +01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 00417{"flow_id":105,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":623617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVtAAEAGqaCsECrYNu8d\/Z+VAbuWKg3sCYDDTlAQAWJwaAAA"} 00417{"flow_id":105,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":623865,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVxAAEAGqZ+sECrYNu8d\/Z+VAbuWKg3sCYDIIVAQAW1rigAA"} 
02384{"flow_id":108,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":625210,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXczPJAAOcGlVQ27x39rBAq2AG7n5iFQQi9Vi4W1FAYf\/lWXQAAFgMBCoICAABGAwFY3n1rqVW5nc7pK0t8Q96UIvIibG3NJ3jfQ0jSHhJUvSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZ
Idtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="} 02084{"flow_id":108,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":625580,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7zPRAAOcGljM27x39rBAq2AG7n5iFQQ5xVi4W1FAYf\/n36wAAdXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLT
EtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="} -01181{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 
+01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}} 
00862{"flow_id":105,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":626736,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFuZV1AAEAGqFisECrYNu8d\/Z+VAbuWKg3sCYDIIVAYAW3V5QAAFgMBAQYQAAECAQAtXeLsNhsR6NA9m3kjRTlfhpGgrkMpJN08rID+yiecaTfTAu70h4pmc06r9DKnkVa5XH2N72Q1bbLK6kMy30JtaG\/\/18QIgZ8D67\/ce3x5oLpJhTB59KB3gjMH26APuw+uh9\/n6Fgwp9b6+zHTpPHfpdhUnecUMkSjpjuLYfnuP7Gm7z3NInT5\/tCLc1FclEXGyH3w8TmvGdEiJZ3Q8hfpiVEL\/N5jylA3ne4xBKXhHVdqpSnmOOex2fbqiqNL8mUax5GxxJeSrC31YXk6MLxZX2TBLBnWu1jdIGrRPs0J5pEOn+uK0s6U2aPy33bDeHu5qnDbmngyVDgVcf4zxeUYFAMBAAEBFgMBADDGAqxhW7CnKayC70qvsCL27nFlPdk2sK0FQx+MWL6McKvv5cbP29rh0+Ii6GuMMTU="} 00417{"flow_id":108,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":627008,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkxAAEAGkK+sECrYNu8d\/Z+YAbtWLhbUhUEOcVAQAWLglQAA"} 00417{"flow_id":108,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":627156,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofk1AAEAGkK6sECrYNu8d\/Z+YAbtWLhbUhUETRFAQAW3btwAA"} 
@@ -1458,20 +1458,20 @@ 00739{"flow_id":114,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":67054,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXCnRAAEAGO6CsECrYNF7ohrKkAbvN5GFIckqrkVAYAVfgTwAAFgMBAOoBAADmAwOHALGigIjvApxLIe0mGRpTgcLEUyJobZ3dCQZJexl6RCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYqqoAAQA="} 00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00537{"flow_id":111,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":189981,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9YoNAAOcGPSo0XuiGrBAq2AG7sqGNgYNYyBybc1AYf\/ijGAAAFgMBAEoCAABGAwFY3n1zINgI1Vy\/FXdUMuPvUGDLWthjR2H7WINeUtzlBCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00416{"flow_id":111,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":193519,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bVAAEAGVU2sECrYNF7ohrKhAbvIHJtzjYGDrVAQAVeRlAAA"} 00493{"flow_id":111,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":199998,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdYrtAAOcGPRI0XuiGrBAq2AG7sqGNgYOtyBybc1AYf\/hN2gAAFgMBADB7pB5S47sHi48VnW8WLmVWafa\/K61NUo6qUxUYWxLiw8b1Kbg\/Xg03sM0eHRceYao="} 00536{"flow_id":112,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200136,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ReVAAOcGWcg0XuiGrBAq2AG7sqKEfV0Oeu3ygFAYf\/ig1AAAFgMBAEoCAABGAwFY3n1zJme6pFAslczvpX19TcUFgg3DbLK17SjfiEEQUyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} 
-00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00538{"flow_id":110,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200184,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RCRAAOcGW4k0XuiGrBAq2AG7sqDRCzciLZ\/RUlAYf\/gsyQAAFgMBAEoCAABGAwFY3n1zE6Tufw7kJSJXbVavRo\/6lNuOwDxaW+i7VIwIKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00537{"flow_id":113,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200219,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RepAAOcGWcM0XuiGrBAq2AG7sqOllKPTjLiI71AYf\/jGMAAAFgMBAEoCAABGAwFY3n1zTn6J09aDxTBb8TVltBdGJeEW\/LDcikVqGAruryCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00493{"flow_id":110,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200250,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRCtAAOcGW6I0XuiGrBAq2AG7sqDRCzd3LZ\/RUlAYf\/hkXgAAFgMBADA37z1MUXYPCTkZzIkxPt0L62IG2JW4lQJa+PyuDrDQ9\/jP2tysOn1Oi765In4eobE="} 00491{"flow_id":113,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200304,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRftAAOcGWdI0XuiGrBAq2AG7sqOllKQojLiI71AYf\/jinwAAFgMBADBGgL8CbH+FphIn8Kw58CgcI1Hvy02Rc+ye4fIk9uZ91iGdsMyT+csUtTaAtdZ19js="} 
00493{"flow_id":112,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200423,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRflAAOcGWdQ0XuiGrBAq2AG7sqKEfV1jeu3ygFAYf\/j04AAAFgMBADCZonBElb76M9e\/It2\/9+kwjK0rFBwkaSlpXnXJXqaRCCgerN1nZkwFif0azWrVX28="} 00537{"flow_id":114,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":201662,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB95rdAAOcGuPU0XuiGrBAq2AG7sqRySquRzeRiN1AYf\/gEdwAAFgMBAEoCAABGAwFY3n1z\/bQjY2ZjlLbA3DZTa+cwMTsfQ+lvAGzSBsvFwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
+00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00493{"flow_id":114,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":201740,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd5rpAAOcGuRI0XuiGrBAq2AG7sqRySqvmzeRiN1AYf\/gjVwAAFgMBADCY3eZagvXQQKtaOKvRqqxwqtoI6Fa+4RdiQI2sH3uhs\/j8UwHK3sEOkR\/OASIyoEo="} 00416{"flow_id":111,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":202589,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bZAAEAGVUysECrYNF7ohrKhAbvIHJtzjYGD4lAQAVeRXwAA"} 
00416{"flow_id":112,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":202863,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqVAAEAGrF2sECrYNF7ohrKiAbt67fKAhH1dY1AQAVe3AwAA"} 
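Review bot: The regenerated `detection-update` expectations in this hunk (flows 110–114) drop `"7":"Obsolete TLS version (< 1.1)"` and report `"version":"TLSv1.2"`, although the server packet logged just before each of them still carries a ServerHello whose version bytes are `03 01`, i.e. TLS 1.0 (the TLS record in `pkt` starts `FgMBAEoCAABGAwFY`). `TLSv1.2` matches what the ClientHello in packet 1878 offers (`FgMBAOoBAADmAwOH`, version `03 03`), so the new output appears to record the offered version rather than the negotiated one; presumably this comes from the nDPI revision being synced, which the diff does not show. Accepting it as the golden output means the suite would no longer flag a missed obsolete-TLS risk on these flows, and the hunks at -1568 and -1694 make the same change for flows 118 and 126. I would confirm the behaviour against nDPI before committing these results, or add a line to the commit message such as `NOTE: TLS version/flow_risk 7 changed with the pinned nDPI revision; ServerHello in alexa-app.pcapng is still TLS 1.0`.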
@@ -1568,7 +1568,7 @@ 00745{"flow_id":118,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":310007,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbj59AAEAGfmmsECrYNu8d\/Z+gAbt6Gf6EzmSKlVAYAVfa4QAAFgMBAO4BAADqAwN0b1XxRD1+7q81PZEt7s8JLjF+zs7TJetZZPnvHETq+SBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACBWloAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhqagAdABcAGPr6AAEA"} 00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00538{"flow_id":118,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":469888,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9z7BAAOcGl\/U27x39rBAq2AG7n6DOZIqVehn\/d1AYf\/hZrQAAFgMBAEoCAABGAwFY3n2ChqENgB5ulodafVGXSlcQ1mED7PxYBMV1H121KiBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="} -00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00494{"flow_id":118,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":470026,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdz9VAAOcGl\/A27x39rBAq2AG7n6DOZIrqehn\/d1AYf\/jOuwAAFgMBADBr7rcoma6yI9u+hwZHRhABfiFPvPkpGdxK57qKeW\/S079grGg18giIHqTY7wSdzXU="} 00417{"flow_id":118,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":472574,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj6BAAEAGf1usECrYNu8d\/Z+gAbt6Gf93zmSK6lAQAVcObQAA"} 00417{"flow_id":118,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":472863,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj6FAAEAGf1qsECrYNu8d\/Z+gAbt6Gf93zmSLH1AQAVcOOAAA"} 
@@ -1694,7 +1694,7 @@ 00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00425{"flow_id":126,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":221949,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAotQJAAOcGsvg27x39rBAq2AG7n6dEArKjmW8eXlAQf\/i0MQAAAAAAAAAA"} 00536{"flow_id":126,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":222092,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9tQVAAOcGsqA27x39rBAq2AG7n6dEArKjmW8eXlAYf\/gwgQAAFgMBAEoCAABGAwFY3n2J10RhgC68733hZUmscGmdgG8JZVPQEuz4sMP7eSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="} 
-00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_tot_l4_data_len":476,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_tot_l4_data_len":476,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00491{"flow_id":126,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2242,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":222137,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdtQdAAOcGsr427x39rBAq2AG7n6dEArL4mW8eXlAYf\/im5AAAFgMBADCNB31WBPLwXL3aVlGdUkiEHXV16hNw+LYmC2gi25gCR793y4LyHNgldd5fo2sWHKw="} 00417{"flow_id":126,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2243,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":224105,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqRAAEAGoFesECrYNu8d\/Z+nAbuZbx5eRAKy+FAQAVcyfgAA"} 00417{"flow_id":126,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2244,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":227018,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqVAAEAGoFasECrYNu8d\/Z+nAbuZbx5eRAKzLVAQAVcySQAA"} 
@@ -1821,7 +1821,7 @@ 00747{"flow_id":133,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":698502,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbSjBAAEAGw9isECrYNu8d\/Z+uAbuBOjwsoFMq+FAYAVc4xwAAFgMBAO4BAADqAwNiqd1S7MhG5wB\/dT8PiLwUoMSITVffXbD1xI\/bdNzIUCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACB2toAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGFpaAAEA"} 00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00536{"flow_id":133,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816463,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB91YZAAOcGkh827x39rBAq2AG7n66gUyr4gTo9H1AYf\/i1wAAAFgMBAEoCAABGAwFY3n2Obh+Ev43oa4t9qN6MX4wxb9ryi9I8T8yVK9XgOCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="} -00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00492{"flow_id":133,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816600,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd1YhAAOcGkj027x39rBAq2AG7n66gUytNgTo9H1AYf\/jqaAAAFgMBADAoR\/0TYnF80ADW+lgTaaOlzX3uxl5lxwxGronRv9lj8fc8AZpVx2yvoPs4v43USu0="} 00606{"flow_id":133,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816742,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"ePiC0\/vCAMDKkVoBCABFAACy1YZAAOcGkeo27x39rBAq2AG7n66gUyr4gTo9H1AYf\/i3nQAAFgMBAEoCAABGAwFY3n2Obh+Ev43oa4t9qN6MX4wxb9ryi9I8T8yVK9XgOCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABARYDAQAwKEf9E2JxfNAA1vpYE2mjpc197sZeZccMRq6J0b\/ZY\/H3PAGaVcdsr6D7OL+N1Ert"} 00417{"flow_id":133,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":818304,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSjFAAEAGxMqsECrYNu8d\/Z+uAbuBOj0foFMrTVAQAVdXRQAA"} 
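Review bot: The new expected `detection-update` line for flow 133 reports `"version":"TLSv1.2"` and drops `"7":"Obsolete TLS version (< 1.1)"`, but the ServerHello in the context line just above it (packet_id 2484) appears to say otherwise. Its payload starts `FgMBAEoCAABGAwFY`, which decodes to a handshake record whose server version is 0x0301, i.e. TLS 1.0. If that reading is right, the golden file now pins the ClientHello's offered version instead of the negotiated one, and a consumer alerting on flow risk 7 would stop seeing these flows. The same change is made in the hunks for flows 134, 135, 138, 140 and 141 below, and in the line for flow 126 at the top of this chunk. Before accepting the regenerated output, confirm against the pinned nDPI revision that this is intended; if it is not, the expected line should keep `"7":"Obsolete TLS version (< 1.1)"` and `"version":"TLSv1"`.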
@@ -1841,7 +1841,7 @@ 00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00425{"flow_id":134,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196553,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAokKxAAOcGD1Y0XuiGrBAq2AG7sra0EJrDzlCUvlAQf\/jVuQAAAAAAAAAA"} 00538{"flow_id":134,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196755,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9kK5AAOcGDv80XuiGrBAq2AG7sra0EJrDzlCUvlAYf\/ioFQAAFgMBAEoCAABGAwFY3n2WsKEO5j\/+XQ3InBz8BmJWU6tqL8GGvPxEhHBE0SB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvABQDAQABAQ=="} 
-00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 
00491{"flow_id":134,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2512,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196807,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdkLBAAOcGDx00XuiGrBAq2AG7sra0EJsYzlCUvlAYf\/g0tAAAFgMBADASYFDIqpzI2dQ4RB9g2j6Kixqtu5sqtDIGdUVHpCxbAK9w8U0NNpbUWqlnRm3UmlM="} 00416{"flow_id":134,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2513,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":197780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6ypAAEAGW9isECrYNF7ohrK2AbvOUJS+tBCbGFAQAVdUBgAA"} 00416{"flow_id":134,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2514,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":198368,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6ytAAEAGW9esECrYNF7ohrK2AbvOUJS+tBCbTVAQAVdT0QAA"} 
@@ -1868,7 +1868,7 @@ 00743{"flow_id":135,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976158,"pkt_ts_usec":842060,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX\/opAAEAGR4msECrYNF7ohrK3Abt2joLEmDOqGlAYAVepYwAAFgMBAOoBAADmAwPtGRNrH\/FF66PH1PCooAX1Dd1\/3OeWvWeSDYxuFGcUDiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="} 00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00536{"flow_id":135,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":147892,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ZJ1AAOcGOxA0XuiGrBAq2AG7sreYM6oado6Ds1AYf\/jWEQAAFgMBAEoCAABGAwFY3n2ejsBVJxuO9LpSs5v2aSzauuFSRGgpga0DGSdUzyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00491{"flow_id":135,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2536,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":147966,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdZKJAAOcGOys0XuiGrBAq2AG7sreYM6pvdo6Ds1AYf\/glEQAAFgMBADBQGcC5qybAnI9iGstyBUWJgNk+lZDudarUeJSYsOnfkMQBIsPOKnH1wiFJDU8PRtQ="} 00417{"flow_id":135,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2537,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":499843,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/otAAEAGSHesECrYNF7ohrK3Abt2joOzmDOqb1AQAVfJWAAA"} 00417{"flow_id":135,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2538,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":501227,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/oxAAEAGSHasECrYNF7ohrK3Abt2joOzmDOqpFAQAVfJIwAA"} 
@@ -1922,7 +1922,7 @@ 00740{"flow_id":138,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":731050,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXanZAAEAG252sECrYNF7ohrK4AbvvmurzcBF5W1AYAVfzhwAAFgMBAOoBAADmAwNQGProSMl78hAUDaTmTX5yUTx4scZiFRjHHV08S9IO6yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="} 00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 
00536{"flow_id":138,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":888180,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9eExAAOcGJ2E0XuiGrBAq2AG7srhwEXlb75rr4lAYf\/iM1wAAFgMBAEoCAABGAwFY3n2pJltIvltxhfK2SiAqZURuo+oby5xQQ9okKpdqHCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} +00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 00491{"flow_id":138,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2581,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":888318,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdeE5AAOcGJ380XuiGrBAq2AG7srhwEXmw75rr4lAYf\/h6LgAAFgMBADBQVkNT4uaaSSAglKmvPunGJayO3SHtKYOmCtH54SGOEkJf3Z9dbCNljTNT8klD2+o="} 00417{"flow_id":138,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2582,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":889444,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoandAAEAG3IusECrYNF7ohrK4AbvvmuvicBF5sFAQAVdA\/QAA"} 00416{"flow_id":138,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":889719,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanhAAEAG3IqsECrYNF7ohrK4AbvvmuvicBF55VAQAVdAyAAA"} 
@@ -1970,11 +1970,11 @@ 02382{"flow_id":140,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":410580,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZxAAOcGRfY27xyyrBAq2AG7xmzGEdgq79URwFAYf\/krDwAAFgMBDLwCAABGAwFY3n2xoE\/i6JhK5Md85LDgTL+hjMKOoOipyrc3Qs63NyBbMnlmo5paikbiPJoGHJv6QkaI+z+FCbdHU5bqJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} 
02384{"flow_id":140,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411097,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZ5AAOcGRfQ27xyyrBAq2AG7xmzGEd3e79URwFAYf\/nKWQAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00888{"flow_id":140,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411170,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBHaBAAOcGSk027xyyrBAq2AG7xmzGEeOS79URwFAYf\/kfwgAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01462{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 02385{"flow_id":141,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8VAAOcGC8027xyyrBAq2AG7xm3jvKzZm8EoI1AYf\/nh\/QAAFgMBDLwCAABGAwFY3n2xaq9TiacLU53\/Dedeq5VgVwSB6e5nEATT\/X1YcSB4k7UGdAl7o2Fj7GR\/vQXOKrGMzABpKlhDsMZpJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} 
02384{"flow_id":141,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2630,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":412289,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8dAAOcGC8s27xyyrBAq2AG7xm3jvLKNm8EoI1AYf\/kVsAAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\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\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00888{"flow_id":141,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":412370,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBV8lAAOcGECQ27xyyrBAq2AG7xm3jvLhBm8EoI1AYf\/lrGAAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01462{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00416{"flow_id":143,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":416579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} 00416{"flow_id":140,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":417365,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok5FAAEAGfLWsECrYNu8cssZsAbvv1RHAxhHd3lAQAWIWOwAA"} 00416{"flow_id":140,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":417885,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok5JAAEAGfLSsECrYNu8cssZsAbvv1RHAxhHjklAQAW0QfAAA"} 
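Review bot: The regenerated `detection-update` lines for flows 140 and 141 still contain the key `"issuerDN"` twice in the same `tls` object: once with the Symantec CA name and once with `CN=pitangui.amazon.com`, which looks like the certificate subject. Most JSON parsers keep only one value for a duplicate key (usually the last), so a consumer would lose the real issuer and record the subject under the issuer field. That matters for any certificate-based detection built on this output. The second key presumably should be a distinct name such as `"subjectDN"`, fixed in the serializer and then regenerated here, so that the test stops pinning the duplicate.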
@@ -1989,7 +1989,7 @@ 02382{"flow_id":143,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2642,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":551603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcFAAOcG0dA27xyyrBAq2AG7xm8x5Gl7gdbmeFAYf\/ku2AAAFgMBDLwCAABGAwFY3n2xtTCgBX2XxOgCNPe4QWinehtmaqxVaZztY5JDAyCbTc\/lJnWdRZ6KEAYyDThaI+O9lRqgAB2UK+xdOk8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} 02384{"flow_id":143,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2643,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":552912,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcNAAOcG0c427xyyrBAq2AG7xm8x5G8vgdbmeFAYf\/lmegAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLW
LyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00888{"flow_id":143,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553024,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBkcVAAOcG1ic27xyyrBAq2AG7xm8x5HTjgdbmeFAYf\/m74gAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01462{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00426{"flow_id":140,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGvxAAOcGTko27xyyrBAq2AG7xmzGEeTr79UTBlAQf\/SPVQAAAAAAAAAA"} 00426{"flow_id":141,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoWO1AAOcGEFk27xyyrBAq2AG7xm3jvLmam8EpaVAQf\/TaqwAAAAAAAAAA"} 00501{"flow_id":140,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2647,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553132,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjGxpAAOcGTfE27xyyrBAq2AG7xmzGEeTr79UTBlAYf\/RPRgAAFAMBAAEBFgMBADDysS8s17Av6q29JKVleCyRBxjY2knH\/ButdO+dAcV9hFGlhuDsUlPHeA3HbJgvBIE="} 
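Review bot: The updated expectation for flow 143 drops `"7":"Obsolete TLS version (< 1.1)"` and reports `"version":"TLSv1.2"`, yet the ServerHello in the `pkt` payload of `flow_packet_id` 5 in this hunk decodes to record and handshake version 0x0301 (TLS 1.0), so the baseline now seems to record the version the client offered rather than the one negotiated. The same change appears in the next hunk for flow 145 and, as `DTLSv1.0` to `DTLSv1.2`, in `dtls_certificate_fragments.pcap.out`, where the ServerHello carries 0xfeff. With this accepted as the golden output, the regression test can no longer catch a lost obsolete-TLS detection; I would confirm against the pinned nDPI commit that the change is intended, and otherwise keep `"version":"TLSv1"` together with risk 7 for these flows. Separately, the unchanged duplicate `"issuerDN"` key (the second value looks like the subject DN) leaves these records ambiguous for JSON consumers that keep only one of two equal keys.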
@@ -2030,7 +2030,7 @@ 02382{"flow_id":145,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":550555,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACpAAOcGY2g27xyyrBAq2AG7xnDcplSITg8B7FAYf\/kOiwAAFgMBDLwCAABGAwFY3n26REB5NKXR3I9dkWggmGDU6jpRlw5FpVJBuUrB1SCeZzFPhCqe0IawM80i0LIK\/kW95mA05nnVAtHMuFIHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\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\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\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\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"} 02385{"flow_id":145,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":550962,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACxAAOcGY2Y27xyyrBAq2AG7xnDcplo8Tg8B7FAYf\/no\/QAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GL
WLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="} 
00889{"flow_id":145,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":551062,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBAC5AAOcGZ7827xyyrBAq2AG7xnDcpl\/wTg8B7FAYf\/k+ZgAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"} -01462{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": 
{"version":"TLSv1","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} +01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, 
O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}} 00416{"flow_id":145,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":553701,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohh5AAEAGiiisECrYNu8cssZwAbtODwHs3KZaPFAQAWI03wAA"} 00416{"flow_id":145,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2689,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":553964,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohh9AAEAGiiesECrYNu8cssZwAbtODwHs3KZf8FAQAW0vIAAA"} 00417{"flow_id":145,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2690,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":554095,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohiBAAEAGiiasECrYNu8cssZwAbtODwHs3KZhSVAQAXktuwAA"} diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out index 5dd6ae7aa..be6362b04 100644 --- a/test/results/dtls_certificate_fragments.pcap.out +++ b/test/results/dtls_certificate_fragments.pcap.out 
@@ -4,7 +4,7 @@ 00476{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":848420,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"} 00861{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":913729,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 
02310{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\/wAAAAAAAAACBSgLAAYLAAIAAAAABRwABggABgUwggYBMIID6aADAgECAgIBDjANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQTAeFw0xOTA0MjUwOTU4MDZaFw0xOTA1MjUwOTU4MDZaMHcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQ0wCwYDVQQHEwRPc2xvMRswGQYDVQQKExJPcGVyYSBTb2Z0d2FyZSBBU0ExEjAQBgNVBAsTCU9wZXJhIE1heDEZMBcGA1UEAxQQKi5vcGVyYS1taW5pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORPM+HvV9uX\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\/WlSiQTKqZBXXAL88GeYHTv+6w0xcxAqMiJvKS7otsvURb+7AhEr9BfD5cpFwVxi+SZQILibozwuzFJXx+cIypgIV2UCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMCsGCWCGSAGG+EIBDQQeFhxPcGVyYSBNYXggU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBToCRx51cxkoksSq+PH5Da9dPhtITCBvwYDVR0jBIG3MIG0gBSyo8s55dkAqfYHaJNGmRcwX2DgzKGBkKSBjTCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQYIJAM0pJwGa9KPrMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAtBgNVHREEJjAkghAqLnNhbXN1bmdtYXguY29tghAqLm9wZXJhLW1pbmkubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAsxMazt97mPzh89ugKFn+gchqN+8gwc\/qgCr24OgrCxlbcAuboN9Gw
NVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="} -00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_tot_l4_data_len":2136,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} +00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_tot_l4_data_len":2136,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": 
{"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} 00806{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="} 00919{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":85753,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"AAAAp2BiAAAAtzPNCABFAAGSW7NAAD4RrwAKusaVI9I7hpmzrZsBfv3dFv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEADepD\/V3arFOYbwmKE7AyLr8Mlkxjf\/+JALcGEfko94eqwWztTmhz+5MHaC3z2G4vijVYtEU0sNUf4k4UL6wwFhc4ONU9ksZxVeWDxj085t3ouboFjrKqqf+Ez1VEasOR\/SQEHHJBKwmNh7bq+rPqD1Ue7o869xS0Ymdb4H9LtDDNAji6o60xxgjRgSC+FebqYWIv5JnGs2WkXpl3IhmfOFW6W5CEXtUG4NfVmU9IoLdnFP2SU65LWmxaCyTTqkryoC1SLTZLn+hoNIWj\/VtnnGu3nDwz0uOmfkkiYJPNH2dCcUwbCzyPYZumVNhytb8RGLPdT4cTupH4gydkV5dULhT+\/wAAAAAAAAADAAEBFv7\/AAEAAAAAAAAAQH0w1cLD04ZuwDU4bylSo4luvAkRseqvzP1gwxOBxPHlWhFGADtoMC\/32s4rqRyxoBSovKcS+f0vYtpwuRvkYq8="} 
00796{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":208505,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"AAAAp2BiAAAAtzPNCABFIAE24VlAAD4RKZYj0juGCrrGla2bmbMBIraNFv7\/AAAAAAAAAAUAsgQAAKYABAAAAAAApgAAAAAAoBc3O+4w23k\/5z8GmKukkbjDMff5rrk7+NToU1SbJXCJnHEd6A2yutLzkCFjPTUj2iskxW+N5pGd\/HbH9Qs0cxkoOl\/FD6MeDKEPJz6HYBc7KVaNKEb2MrMrzg6NpAvMub2j0tEIcZeMLviwl0np+UKk5QdSS7sg2rNtbo06Ti5lD5dlFmfJNUs0h3c6AXI9tTgKknO+3QAfCn9pgzqxmz4U\/v8AAAAAAAAABgABARb+\/wABAAAAAAAAAEAHEaSBn03cC\/XnLHWJ0nYeygw7qpVGF+6b6MyV9BDeZlXEG1sCX1Fbw2CrpWqusRdW\/O4z5WTa6iBvyaiIiXy9"} diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index d6cd90ea9..f7b396340 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out 
@@ -17,10 +17,10 @@ 00909{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069109,"pkt_ts_usec":44871,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"pkt":"xCwDBkn+gCqojWksCABFAAGfokVAADMGtnwuLP27wKgBBwBQyAdRUNdVB0Mjm4AYAkvs+gAAAQEICn\/hcSkN3giKSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDAxIEFwciAyMDE3IDE3OjUxOjA4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi4yLjIyIChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI4IEp1bCAyMDA2IDE1OjMxOjIyIEdNVA0KRVRhZzogIjYwNjMzLWEtNDE5YTYwMTJmODY4MCINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtTGVuZ3RoOiAyOA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbg0KDQofiwgAAAAAAAADK0ktLrEtARJcAJw9W3UKAAAA"} 00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491069115107,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00440{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":107460,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"} 
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491069115107,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"Ookla","breed":"Safe","category":"Network"}} 00434{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":144245,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="} 00422{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":144357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"} 00426{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":172347,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"gCqojWksxCwDBkn+CABFAAA3225AAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAYECztwAAAAQEICg3eIDZ\/4XceSEkK"} 
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_tot_l4_data_len":151,"flow_min_l4_data_len":32,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"Ookla","breed":"Safe","category":"Network"}} 00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+gCqojWksCABFAAA0og9AADMGuB0uLP27wKgBBx+QyA8qkdUprSOszoAQAcUg8AAAAQEICn\/hdy4N3iA2"} 00473{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208334,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"xCwDBkn+gCqojWksCABFAABWohBAADMGt\/ouLP27wKgBBx+QyA8qkdUprSOszoAYAcVNWwAAAQEICn\/hdy4N3iA2SEVMTE8gMi40IDIwMTYtMTAtMDYuMTMyNC45OTZhYjkxCg=="} 00422{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA02dFAAEAGAADAqAEHLiz9u8gPH5CtI6zOKpHVS4AQECrtvQAAAQEICg3eIFp\/4Xcu"} diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index a8c89262c..33cdc18f4 100644 --- a/test/results/teams.pcap.out 
+++ b/test/results/teams.pcap.out 
@@ -712,9 +712,9 @@ 00155{"basic_event_id":5,"basic_event_name":"Unknown Ethernet packet type","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","type":38} 00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00464{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":880711,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} -00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00743{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":915102,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="} -00732{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":62,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": 
{"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}} +00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":62,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}} 00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1587041690916,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00442{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":916341,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"} 
00437{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":946470,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="} diff --git a/test/run_tests.sh b/test/run_tests.sh index 51261ecb5..acb080f39 100755 --- a/test/run_tests.sh +++ b/test/run_tests.sh @@ -2,6 +2,7 @@ set -e +LINE_SPACES=${LINE_SPACES:-48} MYDIR="$(realpath "$(dirname ${0})")" nDPId_test_EXEC="${2:-"$(realpath "${MYDIR}/../nDPId-test")"}" nDPI_SOURCE_ROOT="${1}" @@ -20,6 +21,7 @@ nDPI_TEST_DIR="${nDPI_SOURCE_ROOT}/tests/pcap" cat <<EOF nDPId-test......: ${nDPId_test_EXEC} nDPI source root: ${nDPI_TEST_DIR} + EOF cd "${nDPI_TEST_DIR}" @@ -27,8 +29,6 @@ mkdir -p /tmp/nDPId-test-stderr set +e RETVAL=0 for pcap_file in $(ls *.pcap*); do - printf '%s' "${pcap_file}" - ${nDPId_test_EXEC} "${pcap_file}" \ >"${MYDIR}/results/${pcap_file}.out.new" \ 2>"/tmp/nDPId-test-stderr/${pcap_file}.out" @@ -36,9 +36,9 @@ for pcap_file in $(ls *.pcap*); do if [ $? -eq 0 ]; then if diff -u0 "${MYDIR}/results/${pcap_file}.out" \ "${MYDIR}/results/${pcap_file}.out.new" >/dev/null; then - printf ' [%s]\n' 'OK' + printf "%-${LINE_SPACES}s\t%s\n" "${pcap_file}" '[OK]' else - printf ' [%s]\n' 'DIFF' + printf "%-${LINE_SPACES}s\t%s\n" "${pcap_file}" '[DIFF]' diff -u0 "${MYDIR}/results/${pcap_file}.out" \ "${MYDIR}/results/${pcap_file}.out.new" mv -v "${MYDIR}/results/${pcap_file}.out.new" \ @@ -46,7 +46,7 @@ for pcap_file in $(ls *.pcap*); do RETVAL=1 fi else - printf ' [%s]\n' 'FAIL' + printf "%-${LINE_SPACES}s\t%s\n" "${pcap_file}" '[FAIL]' RETVAL=1 fi |
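Review bot: The three new status lines in the `@@ -36,9` and `@@ -46,7` hunks of test/run_tests.sh splice `${LINE_SPACES}` into the printf format string, and the `@@ -2,6` hunk makes that value overridable from the environment without checking that it is a number. A value containing `%` or any other non-digit would change the format itself, so the conversions would no longer line up with the arguments. Assuming the script runs under bash (the shebang is outside the hunk), the width can be passed as an argument so the format stays constant: `printf '%-*s\t%s\n' "${LINE_SPACES}" "${pcap_file}" '[OK]'`, and likewise for `[DIFF]` and `[FAIL]`. A one-line guard after the default would also help, for example `case "${LINE_SPACES}" in ''|*[!0-9]*) LINE_SPACES=48 ;; esac`. The enclosing `for` loop closes outside these hunks.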