diff options
Diffstat (limited to 'test/results/default/alexa-app.pcapng.out')
| -rw-r--r-- | test/results/default/alexa-app.pcapng.out | 280 |
1 files changed, 140 insertions, 140 deletions
diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out index 8955491b6..0e14698d7 100644 --- a/test/results/default/alexa-app.pcapng.out +++ b/test/results/default/alexa-app.pcapng.out @@ -1,5 +1,5 @@ -00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} +00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783} 00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847} @@ -99,10 +99,10 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1490976029756146,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976029858463,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1490976029859802,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976029859802,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"} 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"thread_ts_usec":1490976029862221,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPYexAAEAG5LWsECrYNF7oAIMUAbsV\/ygGz06SC1AYAVe0ugAAFgMBAOIBAADeAwPKXhDT4mBwzwJLaYeyeukYihakDqOb9JFzyzNNj0iN1AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAiQAAAB0AGwAAGG1hZHMuYW1hem9uLWFkc3lzdGVtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgID"} -01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029862221,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976029858463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976029862221,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030030696,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976030030696,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo+q5AAOcGpdk0XugArBAq2AG7gxTPTpILFf8o7VAQf\/wXewAAAAAAAAAA"} -01361{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976030031163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} -01692{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":3332,"midstream":0,"thread_ts_usec":1490976030031797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB","blocks":0}}} +01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976030031163,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}} +01718{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976029862221,"flow_dst_last_pkt_time":1490976030031797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":231,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":3332,"midstream":0,"thread_ts_usec":1490976030031797,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mads.amazon-adsystem.com","domainame":"mads.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220500_5fd681855ab9_c70a3c84db07","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB","blocks":0}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976030681470,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1490976030681470,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="} 01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976030681470,"flow_src_last_pkt_time":1490976030681470,"flow_dst_last_pkt_time":1490976030681470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976030681470,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"firs-ta-g7g.amazon.com","domainame":"firs-ta-g7g.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} @@ -167,9 +167,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041156517,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041212203,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041215822,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041215822,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976041217250,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3TnJAAEAG98GsECrYNF7ohrJdAbvhYQAUn+DXDlAYAVcoRwAAFgMBAMoBAADGAwO\/f09SaeVtExBhd3Gv\/ERXGLhlRtygdI3ZdlzQ0IY6FAAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGFpaAAEA"} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041217250,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041212203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041217250,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041278804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976041278804,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfVAAOcGkFk0XuiGrBAq2AG7sl2f4NcO4WEA41AYf\/nzkwAAFgMBDLwCAABGAwFY3n0prRqzn+uUe7J2SGc9ycgvCdlpITNiR\/tB85Rx3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01968{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041279232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976041279232,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01984{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976041217250,"flow_dst_last_pkt_time":1490976041279232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976041279232,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041384197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041384197,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041384197,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041384197,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041400900,"flow_dst_last_pkt_time":1490976041400900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041400900,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -182,15 +182,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041384197,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041439512,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041440529,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041440529,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976041444441,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07RAAEAGcl+sECrYNF7ohrJeAbv1uZ3JbvNkfVAYAVcAGwAAFgMBAOoBAADmAwOSkZ7MV5tRrPXYmwy49debN2XXTGXQ0IImU9DOeZ6S4yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACJqaAB0AFwAYysoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041444441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041439512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041444441,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1490976041400900,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976041446155,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1490976041447594,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976041447594,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976041448206,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXumBAAEAGi7OsECrYNF7ohrJfAburivQjPCMzQVAYAVegPwAAFgMBAOoBAADmAwPMxcZuQn9QgwOiuLXeL1fCgh6paRvCicrfIqGcHwVG8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYamoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041448206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041446155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041448206,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976041498208,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoOWdAAOcGZps0XuiGrBAq2AG7sl88IzNBq4r1ElAQf\/h38gAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041498343,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976041448206,"flow_dst_last_pkt_time":1490976041498343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041498343,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976041502643,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAon6JAAOcGAGA0XuiGrBAq2AG7sl5u82R99bmeuFAQf\/ggEgAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041502807,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976041444441,"flow_dst_last_pkt_time":1490976041502807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976041502807,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976041680864,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041680864,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1490976041680864,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976041680864,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041770147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976041770147,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} @@ -244,7 +244,7 @@ 01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043611721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043611721,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976043617123,"packet_id":392,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_usec":1490976043617123} 00377{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1490976043612089,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} -02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976043655892,"flow_dst_last_pkt_time":1490976043654956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4861,"flow_dst_tot_l4_payload_len":5515,"midstream":0,"thread_ts_usec":1490976043655892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":70,"avg":161219.8,"max":1015894,"stddev":286084.3,"var":81844248576.0,"ent":3.4,"data": [55686,59305,1428,66601,358,70,64102,4784,271,2661,66908,3070,100753,8343,108356,5909,66864,500848,354092,941132,3002,88712,111843,176480,211,64686,9150,104205,1015894,966451,45639]},"pktlen": {"min":40,"avg":366.2,"max":1500,"stddev":485.1,"var":235358.5,"ent":3.9,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40]},"bins": {"c_to_s": [12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0],"entropies": [4.617588520,5.095174789,4.784183979,5.540180683,6.803335667,7.281946659,7.383058548,4.784183979,4.784183979,4.734184265,7.281152725,4.652828693,6.003940582,4.881687164,7.811503887,4.501398087,7.765291691,4.831687450,7.799355507,7.797914982,4.565871716,7.570134640,4.831686974,7.815543175,4.565872192,7.742568493,4.881687164,4.931687355,4.544876099,4.831687450,4.544876099,4.781687260]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976043655892,"flow_dst_last_pkt_time":1490976043654956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4861,"flow_dst_tot_l4_payload_len":5515,"midstream":0,"thread_ts_usec":1490976043655892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":70,"avg":161219.8,"max":1015894,"stddev":286084.3,"var":81844248576.0,"ent":3.4,"data": [55686,59305,1428,66601,358,70,64102,4784,271,2661,66908,3070,100753,8343,108356,5909,66864,500848,354092,941132,3002,88712,111843,176480,211,64686,9150,104205,1015894,966451,45639]},"pktlen": {"min":40,"avg":366.2,"max":1500,"stddev":485.1,"var":235358.5,"ent":3.9,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40]},"bins": {"c_to_s": [12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0],"entropies": [4.617588520,5.095174789,4.784183979,5.540180683,6.803335667,7.281946659,7.383058548,4.784183979,4.784183979,4.734184265,7.281152725,4.652828693,6.003940582,4.881687164,7.811503887,4.501398087,7.765291691,4.831687450,7.799355507,7.797914982,4.565871716,7.570134640,4.831686974,7.815543175,4.565872192,7.742568493,4.881687164,4.931687355,4.544876099,4.831687450,4.544876099,4.781687260]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1490976043811357,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"} 01121{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976043811357,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["72.21.206.135,ttl=27"]}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976043814090,"flow_src_last_pkt_time":1490976043814090,"flow_dst_last_pkt_time":1490976043814090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976043814090,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -270,15 +270,15 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044189172,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044265954,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044267960,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044267960,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044269016,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKppAAEAGG3qsECrYNF7ohrJpAbvSj2ULXMI6zFAYAVcFOAAAFgMBAOoBAADmAwNdGKNvzWhzY9OhvyZ+keLLKk\/7AQzq3mwK9RBmTgVI5yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044269016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044265954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044269016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044219115,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044285893,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044287837,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044287837,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044288914,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXUU9AAEAG9MSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AYAVcwFgAAFgMBAOoBAADmAwN0wOf7tRdLaTVmj8QP9secnQ3jNnC0CYFCDog2row9lyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB96uoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAY+voAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044288914,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044285893,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044288914,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044330889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044330889,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGa5AAOcGhlQ0XuiGrBAq2AG7smlcwjrM0o9l+lAQf\/i30QAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044331031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044331031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976044269016,"flow_dst_last_pkt_time":1490976044331031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044331031,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044404656,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocTtAAOcGLsc0XuiGrBAq2AG7smoL+FEzEvIfyFAQf\/j4AwAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044404790,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976044288914,"flow_dst_last_pkt_time":1490976044404790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044404790,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044419794,"flow_dst_last_pkt_time":1490976041428918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044419794,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976044439648,"flow_src_last_pkt_time":1490976044439648,"flow_dst_last_pkt_time":1490976044439648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044439648,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1490976044439648,"flow_dst_last_pkt_time":1490976044439648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044439648,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="} @@ -300,25 +300,25 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1490976044521564,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976044585749,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044587462,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044587462,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044587741,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXGDdAAEAGLd2sECrYNF7ohrJsAbtUI1eGkQU1XVAYAVdYfwAAFgMBAOoBAADmAwMHp\/uCPKzIqLpk\/u5Y5aYh1Wm9z8VlToWpRpTq02qhKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYiooAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044587741,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044585107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044587741,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044588696,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044588696,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044588921,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044588921,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044589054,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976044589054,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044595184,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07tAAEAGclisECrYNF7ohrJtAbvCg5wMD9ZxDlAYAVcZ4AAAFgMBAOoBAADmAwMbir\/VgnkPVKkE\/Xu6XjUcyinI0jcCde8BTkIAsu8XPyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAY2toAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044585319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044595782,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdBJAAEAG0gGsECrYNF7ohrJuAbv0jjuju8rxnFAYAVf+XwAAFgMBAOoBAADmAwMrTrxt6fXaVT85w7y\/oBbFpkU1n1V7egWaCm1h86YfdiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYamoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595782,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044585350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044595782,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976044596868,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXpBRAAEAGof+sECrYNF7ohrJvAbuLWOunprYg71AYAVeiCQAAFgMBAOoBAADmAwPd1iOBKblgnVQxNgabPGiTNhU8S0+QlhDIurluRG6LLSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYiooAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044596868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044585749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976044596868,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1490976044679697,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976044679697,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976044687016,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9Mc5AAOcGbd80XuiGrBAq2AG7sm0P1nEOwoOc+1AYf\/iD+AAAFgMBAEoCAABGAwFY3n0svZffnx292YM8BnDkyDMEgFU6ZUM30vCin0OQyyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976044595184,"flow_dst_last_pkt_time":1490976044687016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687016,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044687177,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo9upAAOcGqRc0XuiGrBAq2AG7smyRBTVdVCNYdVAQf\/gU7AAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687209,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976044587741,"flow_dst_last_pkt_time":1490976044687209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687209,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976044687345,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9LZ9AAOcGcg40XuiGrBAq2AG7sm+mtiDvi1jsllAYf\/i0FAAAFgMBAEoCAABGAwFY3n0sREHukAACBv+MMlmfhll64s8dZ38b+V21ucVGlyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976044596868,"flow_dst_last_pkt_time":1490976044687345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687345,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976044687923,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAov01AAOcG4LQ0XuiGrBAq2AG7sm67yvGc9I48klAQf\/ipXAAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976044595782,"flow_dst_last_pkt_time":1490976044687978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976044687978,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1490976044708534,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 01647{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1490976043814984,"flow_src_last_pkt_time":1490976044649888,"flow_dst_last_pkt_time":1490976044708747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":615,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1490976044708747,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fls-na.amazon.com","domainame":"fls-na.amazon.com","tls": {"version":"TLSv1.2","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3s":"159d46e54a2c066ef95e656fdf034e1d","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A","blocks":0}}} 01866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1490976044910321,"flow_dst_last_pkt_time":1490976044548899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"thread_ts_usec":1490976044910321,"pkt":"AMDKkaPvePiC0\/vCCABFAAQMt7pAAEAGi2SsECrYNF7ohsG1AFD+AvgdsHQ7blAYAVc4SwAAR0VUIC9saWIvYm9vdHN0cmFwL2ltZy9nbHlwaGljb25zLWhhbGZsaW5ncy5wbmcgSFRUUC8xLjENCkhvc3Q6IGFsZXhhLmFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vbGliL2Jvb3RzdHJhcC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLXRva2VuPSJlZnRGbVk1RjVyVGd3czduK2VDZFhaU1R5SGNEeWtObDNNMXBjbzNSVktqeW43eW50T2tKNkxMRXlENUR4a3VuMnJaQXd5aVFVTlBKcVZtOG9HWE5xSG1mZjFwTjlZSWtML2lUQy9XQjY1eDc5RWFIWTdQN0JMMWZSS2VIWDNwSFc4ZW03SFJ6Q3ZkcGF1WWtzV0ZZTzBOTWVWclB6MWNYZVpIeldyejM4ZjdxRlhsOTFxaEhZdlRndHVKV2tsRlRkWmdpbHRNYmMvbz0iOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IHgtbWFpbj0idWlUck1lOHdRV3l6ekJsM2s5eUNQbExYUk1TVWFtTXhDWTZRZ1A4azlwd0pmcE1KT0tZWHN5UT9za3JBOEFhTiI7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBsYy1tYWluPWVuX1VTDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"} @@ -329,9 +329,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1490976046418630,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976046475196,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1490976046478174,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976046478174,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976046478452,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdepAAEAG0CmsECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976046478452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046478452,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976046478452,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046475196,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976046789894,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdetAAEAG0CisECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046847694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976046847694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976046789894,"flow_dst_last_pkt_time":1490976046847694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976046847694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976047014580,"flow_dst_last_pkt_time":1490976047014580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047014580,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047014580,"flow_dst_last_pkt_time":1490976047014580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047014580,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047050685,"flow_dst_last_pkt_time":1490976047050685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047050685,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -351,11 +351,11 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1490976047096758,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976047154862,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1490976047155806,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976047155806,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976047156667,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXQ4hAAEAGAoysECrYNF7ohrJzAbuRhBM06ucBaVAYAVetQwAAFgMBAOoBAADmAwPpgUoR+zK1io939odz8bqrlk+DvqS0v3DALb7a+kUiQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAYGhoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047156667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047154862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047156667,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047164510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976047164510,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoxWZAANsGs9c27xi6rBAq2AG7hPIGkxHRyCyc9VAQARyD8wAAAAAAAAAA"} 01326{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976047111087,"flow_dst_last_pkt_time":1490976047169413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":259,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":259,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1490976047169413,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","blocks":0}}} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976047217627,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9T+pAAOcGT8M0XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/jAygAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976047217627,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976047156667,"flow_dst_last_pkt_time":1490976047217627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976047217627,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047560420,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047560420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047560420,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1490976047560420,"flow_dst_last_pkt_time":1490976047560420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976047560420,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976047563011,"flow_src_last_pkt_time":1490976047563011,"flow_dst_last_pkt_time":1490976047563011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976047563011,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -390,9 +390,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1490976054009715,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976054070557,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1490976054071611,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976054071611,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976054072460,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXL1RAAEAGFsCsECrYNF7ohrJ3AbtDNXw2OlR3KlAYAVd6FAAAFgMBAOoBAADmAwPBrmY0NdI\/E4D2qVtO38be10HD8gGTXfDLQBOZkXF05iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9amoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYOjoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976054072460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054070557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976054072460,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168161,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976054168161,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAopJ1AAOcG+2Q0XuiGrBAq2AG7snc6VHcqQzV9JVAQf\/gWAwAAAAAAAAAA"} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976054168300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976054072460,"flow_dst_last_pkt_time":1490976054168300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976054168300,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00734{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976055356710,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_usec":1490976055356710,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976055356710,"flow_src_last_pkt_time":1490976055356710,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976055356710,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -403,9 +403,9 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1490976057977153,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976058029112,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1490976058030172,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976058030172,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976058032132,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqupAAEAGmymsECrYNF7ohrJ4AbvwDv4ddXds+FAYAVeo8gAAFgMBAOoBAADmAwMoaRx1UdIM893OKMmXrcWPDPO7AujafDygNOivm9PC5iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058032132,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058029112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058032132,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976058082623,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+TBAAOcGpnw0XuiGrBAq2AG7snh1d2z48A7\/DFAYf\/grMQAAFgMBAEoCAABGAwFY3n06YnWpXQ3KkZkNmnBbnjScZILp4v2nCTgeJCnodCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976058082623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058032132,"flow_dst_last_pkt_time":1490976058082623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976058082623,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058103747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976058103747,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058103747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976058103747,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1490976058103747,"flow_dst_last_pkt_time":1490976058160050,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976058160050,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="} @@ -473,11 +473,11 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071306483,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071360390,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071361620,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071361620,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"} 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976071362364,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3mspAAEAGq2msECrYNF7ohrJ+AbvI+MDjaXhZJ1AYAVcLWAAAFgMBAMoBAADGAwOkcAvRwSrfQVVFK\/foqopFdMlvROgq0BQ0TyljveD8PAAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfQoKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGNraAAEA"} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071362364,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071360390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071362364,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071286664,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071363611,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071364685,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071364685,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071365551,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXa3tAAEAG2pisECrYNF7ohrJ9AbuRJzFSFeQof1AYAVcrhgAAFgMBAOoBAADmAwM07In88XJWi3gVEL3IAq3jnfxPPEmAP53P8CbtvduRQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071365551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071363611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071365551,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071380614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071380614,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071380614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071380614,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071385523,"flow_dst_last_pkt_time":1490976071385523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071385523,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -488,41 +488,41 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071392707,"flow_dst_last_pkt_time":1490976071392707,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071392707,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071380614,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071431100,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976071432100,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd1AAOcGLHE0XuiGrBAq2AG7sn5peFknyPjBslAYf\/lsuQAAFgMBDLwCAABGAwFY3n1HWF0PVS6Hh\/OB54ewWN7EQ\/JAGtKcxvduR4tcQiB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01968{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071432488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01984{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976071362364,"flow_dst_last_pkt_time":1490976071432488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071432488,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071433534,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071433534,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071434199,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKzFAAEAGGuOsECrYNF7ohrKAAbueQXEes5YaRFAYAVcyZAAAFgMBAOoBAADmAwORwZN3Gg+iPVw7yQc+k6Ude4qIjSThz3bWXaU7z9yE3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYenoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071434199,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071431100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071434199,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071349196,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071438832,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071385523,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071438967,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+FAAOcGWBk0XuiGrBAq2AG7soEpho4ZflMlBnASH\/5hCAAAAgQFtAEDAwY="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071324885,"flow_dst_last_pkt_time":1490976071439010,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976071439010,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoJp5AANsGhWQ0XuiGrBAq2ABQwcY3D6dHIEe4eFAQf\/PC5gAAAAAAAAAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071440718,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071440718,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071440997,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071440997,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071441137,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXlMhAAEAGsUusECrYNF7ohrJ\/Abuhu87pLsgifVAYAVcuOwAAFgMBAOoBAADmAwMlSSyj1sonJu72Ryt7k8+6RtgrzaXQnI0RTQtftkcFSSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYqqoAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441137,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071438832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441137,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00856{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071441294,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzlAAEAGxtqsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441294,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071441294,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071441294,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071444188,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SDRAAOcGV3k0XuiGrBAq2AG7sn0V5Ch\/kScyQVAYf\/iw2AAAFgMBAEoCAABGAwFY3n1HoIqu4iz1t6q3Aw\/d1XGda8i7JbQ0V4SKKTuKVyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01357{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071444188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01373{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976071365551,"flow_dst_last_pkt_time":1490976071444188,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071444188,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071392707,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071448042,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071449032,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071449032,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"} 00797{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1490976071451916,"pkt":"AMDKkaPvePiC0\/vCCABFAADqhltAAEAGv+WsECrYNF7ohukyAbtO5dxrLA6fs1AYAVeOnQAAFgMBAL0BAAC5AwN6cp6GYC5xfAeiRgQRCWi6UVwyVXoduZRVV+ZY6Nku9AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="} 01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071448042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071451916,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976071486392,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAodjdAAOcGKcs0XuiGrBAq2AG7soCzlhpEnkFyDVAQf\/ipqQAAAAAAAAAA"} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071486531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976071434199,"flow_dst_last_pkt_time":1490976071486531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071486531,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071501486,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9TDxAAOcGU3E0XuiGrBAq2AG7sn8uyCJ9obvP2FAYf\/gL4QAAFgMBAEoCAABGAwFY3n1H4DyL9g\/1O6DL9RnLeqLLg8udYmp+nrKe5HWJKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071501486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976071441137,"flow_dst_last_pkt_time":1490976071501486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071501486,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071511769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976071511769,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve1AAOcG3GA0XuiGrBAq2AG76TIsDp+zTuXdLVAYf\/kF2gAAFgMBDLwCAABGAwFY3n1HSu1ZxzDw\/auCivD7kMpHzquqECpdXSsk4uYbkCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -02129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071512431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071512431,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +02145{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976071451916,"flow_dst_last_pkt_time":1490976071512431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976071512431,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"","domainame":"","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d220300_5fd681855ab9_1ea9011b3dfa","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071583104,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071583104,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071583104,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976071583104,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1490976071583104,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976071640296,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1490976071641608,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976071641608,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071642022,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXH+hAAEAGJiysECrYNF7ohrKCAbsHHkWhVoSAN1AYAVf+QQAAFgMBAOoBAADmAwOE8oRDXFsSV3ryNEuSilTOl1C7aDt7WJHDEI4Zx+ik8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYSkoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071642022,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071640296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976071642022,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976071700208,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9hPJAAOcGGrs0XuiGrBAq2AG7soJWhIA3Bx5GkFAYf\/jJCAAAFgMBAEoCAABGAwFY3n1H7tprYGnn77iiblUs3pVsX7OsznnNQ5TSj9yK7yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071700208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976071642022,"flow_dst_last_pkt_time":1490976071700208,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071700208,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071438967,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976071739996,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzpAAEAGxtmsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071803717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071803717,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976071739996,"flow_dst_last_pkt_time":1490976071803717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976071803717,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 01006{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976023264023,"flow_src_last_pkt_time":1490976023264087,"flow_dst_last_pkt_time":1490976023264023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":315,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android-1c1335ec95a27318"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01012{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1090,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024793542,"flow_src_last_pkt_time":1490976024793542,"flow_dst_last_pkt_time":1490976024844591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":75,"midstream":0,"thread_ts_usec":1490976073203882,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} @@ -590,23 +590,23 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085829927,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976085970467,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":3,"flow_src_last_pkt_time":1490976085977753,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976085977753,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":4,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976085978060,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXI8pAAEAGIkqsECrYNF7ohrKHAbtpd3wM8ytBoVAYAVdMhgAAFgMBAOoBAADmAwMZTwgAvEIt2Qb5o7X9W24vk2EndyOWpP4UOltDjjzDCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYGhoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976085970332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":3,"flow_src_last_pkt_time":1490976085978202,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976085978202,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976085978330,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqZ9AAEAGnHSsECrYNF7ohrKIAbvGQPZK40EdllAYAVchAgAAFgMBAOoBAADmAwM0H8Xsbj55clduvHcNurVJrQGc\/Pqbv8v55WlkE30hCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978330,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976085970467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976085978330,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085891455,"flow_dst_last_pkt_time":1490976085978559,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976085978559,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":5,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086218051,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9HHlAAOcGgzQ0XuiGrBAq2AG7sofzK0GhaXd8+1AYf\/gWvgAAFgMBAEoCAABGAwFY3n1WmU2DpWAHVrvTcVkefcqPXG\/VUu7kD2bqD9s6GyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218051,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976085978060,"flow_dst_last_pkt_time":1490976086218051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218051,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085832410,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976086218291,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1490976085884523,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976086218325,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086218384,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9fsNAAOcGIOo0XuiGrBAq2AG7sojjQR2WxkD3OVAYf\/it4AAAFgMBAEoCAABGAwFY3n1WO78rfAE+1qPfnKCZXIna9VF+PCVlge\/Xf2\/VpyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976085978330,"flow_dst_last_pkt_time":1490976086218384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086218384,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_src_last_pkt_time":1490976086219780,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976086219780,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok2JAAEAGs6CsECrYNF7ohrKJAbv5cMy3LToAJFAQAVcS5QAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1490976086220054,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976086220054,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3c9AAEAGaTOsECrYNF7ohrKLAbvdeYITB3nM31AQAVfSgwAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976086244165,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXk2NAAEAGsrCsECrYNF7ohrKJAbv5cMy3LToAJFAYAVdDMAAAFgMBAOoBAADmAwMX0DmvFoc93MqqbnDLtg4DTevZCvztq0wbg4n1o5FhxCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYqqoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976086244165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086218291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976086244165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976086648262,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SB9AAOcGV440XuiGrBAq2AG7soktOgAk+XDNplAYf\/gBdQAAFgMBAEoCAABGAwFY3n1W5OOWJNfC\/vUq2mNwZtKQmiBffDQIpiP84nPzOiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086648262,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976086244165,"flow_dst_last_pkt_time":1490976086648262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976086648262,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1490976086880154,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976086880154,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/ZAAEAGPiOsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93zQAAAgQFtAQCCAoA9mBAAAAAAAEDAwg="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088329636,"flow_dst_last_pkt_time":1490976086218325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088329636,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3dBAAEAGaTKsECrYNF7ohrKLAbvdeYITB3nM31ARAVfSggAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1490976088329636,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976088474183,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoJzdAAOcGeMs0XuiGrBAq2AG7sosHeczf3XmCFFARgABT2AAAAAAAAAAA"} @@ -618,10 +618,10 @@ 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_src_last_pkt_time":1490976088631582,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976088845997,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088847985,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088847985,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976088849989,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX1i5AAEAGb+WsECrYNF7ohrKNAbu9HLbBsNs3v1AYAVePOwAAFgMBAOoBAADmAwP1YthODLslBmCd7PjY7YVBLxQl6oZDQnpqrQA1aXZumyB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB92toAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYSkoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088849989,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976088849989,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088849989,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088850651,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976088850651,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976088854312,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF1AAEAGEbesECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088854312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976088854312,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088854312,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":3,"flow_src_last_pkt_time":1490976088880204,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976088880204,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976088937719,"flow_dst_last_pkt_time":1490976088937719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976088937719,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1490976088937719,"flow_dst_last_pkt_time":1490976088937719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976088937719,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="} @@ -639,8 +639,8 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089963855,"flow_dst_last_pkt_time":1490976088958157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976089963855,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976088845815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090000798,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX1i9AAEAGb+SsECrYNF7ohrKNAbu9HLbBsNs3v1AYAVePOwAAFgMBAOoBAADmAwP1YthODLslBmCd7PjY7YVBLxQl6oZDQnpqrQA1aXZumyB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB92toAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYSkoAAQA="} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976088845997,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090016140,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF5AAEAGEbasECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976090037761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037761,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976090037872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090016140,"flow_dst_last_pkt_time":1490976090037761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037761,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976090000798,"flow_dst_last_pkt_time":1490976090037872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":478,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090037872,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089239508,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038134,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":3,"flow_src_last_pkt_time":1490976089930127,"flow_dst_last_pkt_time":1490976090038242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038242,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1490976089426961,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090038290,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwa1pAAOcGNKA0XuiGrBAq2ABQwd5KW8E7IbEFWnASH\/57bQAAAgQFtAEDAwY="} @@ -656,21 +656,21 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090174085,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976090174085,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoFFRAAEAGMq+sECrYNF7ohrKQAbsDIHVervLSZ1AQAVcMjAAA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090174233,"flow_dst_last_pkt_time":1490976090038569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976090174233,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmFAAEAGRKKsECrYNF7ohsHbAFAaMGN7Nq6xqlAQAVeSgAAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090191085,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXTP1AAEAG+RasECrYNF7ohrKTAbvSFy3RQc82+FAYAVfMxwAAFgMBAOoBAADmAwN2ORpKrhOyHUV07StwwZSHYsVIRIzr5Y8\/9rRF0KIdZyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACDo6AB0AFwAYSkoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191085,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976090191751,"flow_dst_last_pkt_time":1490976090039310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191751,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090038134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191085,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976090191751,"flow_dst_last_pkt_time":1490976090039310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090191751,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090192268,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX35JAAEAGZoGsECrYNF7ohrKSAbuabb67n5yC1lAYAVccWAAAFgMBAOoBAADmAwNaeZ4ISZVz+LBPXmReGVk3y0uzNDLI3JpfNeWOq+pSDyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYCgoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192268,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090038424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192268,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00857{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976090192765,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXFFVAAEAGMb+sECrYNF7ohrKQAbsDIHVervLSZ1AYAVdNGQAAFgMBAOoBAADmAwPYo856fiqLFy2iEPtPPss95VhSsyrseZstWVe+UbRC3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYenoAAQA="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192765,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090192765,"flow_dst_last_pkt_time":1490976090038470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090192765,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 01867{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"thread_ts_usec":1490976090196942,"pkt":"AMDKkaPvePiC0\/vCCABFAAQMZGlAAEAG3rWsECrYNF7ohsHeAFAhsQVaSlvBPFAYAVe23QAAR0VUIC9saWIvYm9vdHN0cmFwL2ltZy9nbHlwaGljb25zLWhhbGZsaW5ncy5wbmcgSFRUUC8xLjENCkhvc3Q6IGFsZXhhLmFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vbGliL2Jvb3RzdHJhcC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IGxjLW1haW49ZW5fVVM7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBzZXNzaW9uLXRva2VuPSI3S0hoNVRqUzVrSkVsck5LcDdpUVlWZEY3U1VyYVV6QzdaallYOFNobzF5bXFZaGp3NElNR1FPNUE4Y3B1TStyS0ZyTVU2a3VjUlpwUDhSb3p5c2hDRVRWdlBIYWVHSzBXSk9LaW1nMnJlRTJvRmszOXhJemVzUXFoeGE5NFZhNVpuOFgyc1E5MDNqT2w2UlllWVowL2VCWDhkdVpoYVRNVE1pRk0veFdsS0NmZHdQNTF4WDhFRmNGcTI2OXBaWkR4YXpNSVJnbzQ1UT0iOyB4LW1haW49IloyU2tCV2VGdDh0YWt4P3VvSE1oQmdXS0o4QlZubTlWMFprVXNmM3FmbHBCaEBMSDBDVDBVU2hvaE1xSHpvWWYiDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"} 01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090038290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090196942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","http": {"url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} -02328{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1328,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976090198099,"flow_dst_last_pkt_time":1490976090039279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":8230,"flow_dst_tot_l4_payload_len":2302,"midstream":0,"thread_ts_usec":1490976090198099,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":65,"avg":288632.5,"max":1569527,"stddev":416979.2,"var":173871693824.0,"ent":3.7,"data": [325447,332868,307,247719,185,241306,284,257,23807,287,429915,65,1569527,1485936,352980,706902,73800,283,358821,365,256619,3724,240,956217,948562,95336,235551,1125,68,275387,23718]},"pktlen": {"min":40,"avg":371.1,"max":1500,"stddev":516.0,"var":266233.0,"ent":3.9,"data": [60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500]},"bins": {"c_to_s": [8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0],"entropies": [4.705928802,5.176427841,4.831686974,5.818729401,6.126292229,6.106202126,4.781687737,4.781687260,5.941904068,7.857767582,6.910596848,4.609350204,4.462504387,6.922091484,4.565871716,7.688728809,4.831687450,7.879225254,7.100984097,4.652828693,7.572484970,4.831687450,7.874036789,7.033442974,7.572484970,4.831687450,7.874202251,4.652828693,7.581998825,4.652828693,4.731687546,7.891161442]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02344{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1328,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976090198099,"flow_dst_last_pkt_time":1490976090039279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":8230,"flow_dst_tot_l4_payload_len":2302,"midstream":0,"thread_ts_usec":1490976090198099,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":65,"avg":288632.5,"max":1569527,"stddev":416979.2,"var":173871693824.0,"ent":3.7,"data": [325447,332868,307,247719,185,241306,284,257,23807,287,429915,65,1569527,1485936,352980,706902,73800,283,358821,365,256619,3724,240,956217,948562,95336,235551,1125,68,275387,23718]},"pktlen": {"min":40,"avg":371.1,"max":1500,"stddev":516.0,"var":266233.0,"ent":3.9,"data": [60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500]},"bins": {"c_to_s": [8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0],"entropies": [4.705928802,5.176427841,4.831686974,5.818729401,6.126292229,6.106202126,4.781687737,4.781687260,5.941904068,7.857767582,6.910596848,4.609350204,4.462504387,6.922091484,4.565871716,7.688728809,4.831687450,7.879225254,7.100984097,4.652828693,7.572484970,4.831687450,7.874036789,7.033442974,7.572484970,4.831687450,7.874202251,4.652828693,7.581998825,4.652828693,4.731687546,7.891161442]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090174233,"flow_dst_last_pkt_time":1490976090282675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976090282675,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkgFAAOcGDfk0XuiGrBAq2ABQwds2rrGpGjBje3ASH\/5IDwAAAgQFtAEDAwY="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976090313083,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9oyNAAOcG\/Ik0XuiGrBAq2AG7spNBzzb40hcuwFAYf\/gzBgAAFgMBAEoCAABGAwFY3n1aF6lPPNih6vU2L516RRA2PNaAuJQVoSG0DdNj8SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090210793,"flow_dst_last_pkt_time":1490976090313160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313160,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976090191085,"flow_dst_last_pkt_time":1490976090313083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313083,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976090210793,"flow_dst_last_pkt_time":1490976090313160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313160,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976090313192,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9gXVAAOcGHjg0XuiGrBAq2AG7spKfnILWmm2\/qlAYf\/graAAAFgMBAEoCAABGAwFY3n1ai4AZfffdz5bHBi2EULPj6iyOuJD7kDTLpt0SsyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976090192268,"flow_dst_last_pkt_time":1490976090313192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976090313192,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090313380,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976090313380,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo829AANsGuJI0XuiGrBAq2ABQwd5KW8E8IbEJPlAQf\/BDYQAAAAAAAAAA"} 01553{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976089426961,"flow_src_last_pkt_time":1490976090196942,"flow_dst_last_pkt_time":1490976090314135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976090314135,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com","domainame":"alexa.amazon.com","http": {"url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":404,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]","detected_os":"Android 5.1.1"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976090572590,"flow_src_last_pkt_time":1490976090572590,"flow_dst_last_pkt_time":1490976090572590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976090572590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -696,11 +696,11 @@ 01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091160874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976091163513,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1490976091048429,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1490976091217295,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":3,"flow_src_last_pkt_time":1490976091219669,"flow_dst_last_pkt_time":1490976091217295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976091219669,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"} -02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090996390,"flow_dst_last_pkt_time":1490976091223863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":7259,"flow_dst_tot_l4_payload_len":2355,"midstream":0,"thread_ts_usec":1490976091223863,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30,"avg":159906.1,"max":1191626,"stddev":282043.2,"var":79548358656.0,"ent":3.5,"data": [214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154]},"pktlen": {"min":40,"avg":343.0,"max":1500,"stddev":486.7,"var":236894.1,"ent":3.9,"data": [60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46]},"bins": {"c_to_s": [4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1],"entropies": [4.672595501,5.134761333,4.762815475,5.883847237,5.876678944,4.609350204,6.148330688,5.967529297,4.712815285,4.565871716,6.521196365,4.662815094,5.915507793,7.852227211,4.565872192,6.894952297,4.565871716,4.565871716,7.832350731,7.860533714,7.115900993,4.609350204,7.520314217,7.876235962,7.163622856,6.629608631,4.522393703,4.609350204,7.614107132,7.867299557,6.817775249,4.609350204]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976090996390,"flow_dst_last_pkt_time":1490976091223863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":7259,"flow_dst_tot_l4_payload_len":2355,"midstream":0,"thread_ts_usec":1490976091223863,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30,"avg":159906.1,"max":1191626,"stddev":282043.2,"var":79548358656.0,"ent":3.5,"data": [214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154]},"pktlen": {"min":40,"avg":343.0,"max":1500,"stddev":486.7,"var":236894.1,"ent":3.9,"data": [60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46]},"bins": {"c_to_s": [4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0],"s_to_c": [10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1],"entropies": [4.672595501,5.134761333,4.762815475,5.883847237,5.876678944,4.609350204,6.148330688,5.967529297,4.712815285,4.565871716,6.521196365,4.662815094,5.915507793,7.852227211,4.565872192,6.894952297,4.565871716,4.565871716,7.832350731,7.860533714,7.115900993,4.609350204,7.520314217,7.876235962,7.163622856,6.629608631,4.522393703,4.609350204,7.614107132,7.867299557,6.817775249,4.609350204]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":5,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976091345076,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAozJ1AAOcGcQo250hYrBAq2AG7o1w0YmdvEBUP0lAQAD74ngAAAAAAAAAA"} 01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091345211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1490976091345211,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","blocks":0}}} 01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976091163513,"flow_dst_last_pkt_time":1490976091346214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":215,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":215,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1490976091346214,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"s3-external-2.amazonaws.com","domainame":"s3-external-2.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3s":"ea615e28cb25adfb2f261151eab3314f","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF","blocks":0}}} -02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976092170541,"flow_dst_last_pkt_time":1490976092236982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":8342,"flow_dst_tot_l4_payload_len":1817,"midstream":0,"thread_ts_usec":1490976092236982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":69,"avg":209393.8,"max":1080313,"stddev":303367.1,"var":92031574016.0,"ent":3.7,"data": [1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261]},"pktlen": {"min":40,"avg":360.5,"max":1500,"stddev":516.5,"var":266795.3,"ent":3.8,"data": [60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]},"bins": {"c_to_s": [7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1],"entropies": [4.693347454,4.647432327,5.119034290,4.831686974,5.881499290,5.077367306,4.881687164,6.046293259,6.063190460,4.781687260,4.881687164,5.804432392,7.875989437,7.151407242,4.652828693,4.565872192,4.609350681,7.607057095,7.888786316,6.953813553,4.652828693,7.704366207,7.873492241,7.130478382,4.609350204,7.637624264,4.881687164,7.872291088,6.858013630,4.501398087,7.871377945,4.522393703]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1486,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976092170541,"flow_dst_last_pkt_time":1490976092236982,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":8342,"flow_dst_tot_l4_payload_len":1817,"midstream":0,"thread_ts_usec":1490976092236982,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":69,"avg":209393.8,"max":1080313,"stddev":303367.1,"var":92031574016.0,"ent":3.7,"data": [1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261]},"pktlen": {"min":40,"avg":360.5,"max":1500,"stddev":516.5,"var":266795.3,"ent":3.8,"data": [60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46]},"bins": {"c_to_s": [7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1],"entropies": [4.693347454,4.647432327,5.119034290,4.831686974,5.881499290,5.077367306,4.881687164,6.046293259,6.063190460,4.781687260,4.881687164,5.804432392,7.875989437,7.151407242,4.652828693,4.565872192,4.609350681,7.607057095,7.888786316,6.953813553,4.652828693,7.704366207,7.873492241,7.130478382,4.609350204,7.637624264,4.881687164,7.872291088,6.858013630,4.501398087,7.871377945,4.522393703]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_src_last_pkt_time":1490976092902682,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976092902682,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/hAAEAGPiGsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/91dAAAAgQFtAQCCAoA9mKZAAAAAAEDAwg="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093238253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976093238253,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093238253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1490976093238253,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWltAAEARM1SsECrYrBAqAaKnADUAMOTtwQkBAAABAAAAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAQ=="} @@ -727,7 +727,7 @@ 01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} 00952{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1529,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1490976023731065,"flow_src_last_pkt_time":1490976031750280,"flow_dst_last_pkt_time":1490976023731065,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976094742222,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":5,"flow_src_last_pkt_time":1490976094725672,"flow_dst_last_pkt_time":1490976094927183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1490976094927183,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAvXMBAAOcG4OA250hYrBAq2AG7o117lZ80ZBSwSlAYADpuIQAAFQAAAAIBAA=="} -01358{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976099220208,"flow_dst_last_pkt_time":1490976099286339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":717,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976099286339,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976099220208,"flow_dst_last_pkt_time":1490976099286339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":717,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976099286339,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976100559988,"flow_src_last_pkt_time":1490976100559988,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976100559988,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1490976100559988,"flow_dst_last_pkt_time":1490976100559988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976100559988,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976100811415,"flow_src_last_pkt_time":1490976100811415,"flow_dst_last_pkt_time":1490976100811415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976100811415,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} @@ -790,7 +790,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":4,"flow_src_last_pkt_time":1490976108550030,"flow_dst_last_pkt_time":1490976108548394,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976108550030,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoyZBAAEAGRWusECrYNu8d\/Z+XAbtod6HPdPcDJ1AQAVde8QAA"} 02311{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1830,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976107365814,"flow_src_last_pkt_time":1490976108753694,"flow_dst_last_pkt_time":1490976108749413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5131,"flow_dst_tot_l4_payload_len":7946,"midstream":0,"thread_ts_usec":1490976108753694,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":38,"avg":89402.5,"max":932653,"stddev":197976.2,"var":39194591232.0,"ent":3.0,"data": [109911,111642,1568,102004,158,101584,303,1866,56194,150,87519,19070,7646,147913,304065,639361,932653,32742,136,49,686,68,38,318,579,110731,248,1820,214,123,120]},"pktlen": {"min":40,"avg":450.1,"max":1500,"stddev":541.5,"var":293230.8,"ent":4.0,"data": [60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40]},"bins": {"c_to_s": [11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0],"entropies": [4.660013676,5.218094349,4.762815475,5.646678925,7.241643429,7.258272171,4.781687260,4.831686974,7.252469063,4.652828693,6.063538551,4.881687164,7.878282547,7.156798363,4.522393703,7.878647804,7.879301548,4.652828693,7.771139622,7.614057541,7.658779144,7.663974285,7.639388084,7.634205341,7.870131969,5.701726913,4.831686974,4.831687450,4.881687164,4.831686974,4.881687164,4.881687164]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":5,"flow_src_last_pkt_time":1490976109912231,"flow_dst_last_pkt_time":1490976108548394,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976109912231,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoyZFAAEAGRWqsECrYNu8d\/Z+XAbtod6HPdPcDJ1ARAVde8AAA"} -02357{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1838,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976109911223,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976110045165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":138,"avg":1357450.1,"max":9247029,"stddev":2197151.2,"var":4827473510400.0,"ent":3.5,"data": [992408,1100523,1068,243574,812,17238,3008616,6019841,9247029,138,67248,300,303,66691,669495,281,275185,528033,1079938,2835215,349963,114629,72089,219293,5051089,276,5193864,64990,174211,2275400,2411210]},"pktlen": {"min":40,"avg":425.8,"max":1500,"stddev":556.2,"var":309356.4,"ent":3.9,"data": [60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46]},"bins": {"c_to_s": [9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1],"entropies": [4.705928802,4.705928802,5.160700798,5.077367783,4.881687164,4.881687164,5.840246201,5.847414970,5.847414970,6.003486633,5.947547913,4.693943024,4.831686974,6.024143219,4.609350204,7.869801998,7.823491096,7.871860504,7.870593548,7.871356964,4.565872192,7.822906017,4.609350204,7.791450024,4.681686878,7.872803211,6.941987991,4.652828693,7.739228249,4.881687164,4.931686878,4.544876575]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02373{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1838,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976109911223,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976110045165,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":138,"avg":1357450.1,"max":9247029,"stddev":2197151.2,"var":4827473510400.0,"ent":3.5,"data": [992408,1100523,1068,243574,812,17238,3008616,6019841,9247029,138,67248,300,303,66691,669495,281,275185,528033,1079938,2835215,349963,114629,72089,219293,5051089,276,5193864,64990,174211,2275400,2411210]},"pktlen": {"min":40,"avg":425.8,"max":1500,"stddev":556.2,"var":309356.4,"ent":3.9,"data": [60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46]},"bins": {"c_to_s": [9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1],"entropies": [4.705928802,4.705928802,5.160700798,5.077367783,4.881687164,4.881687164,5.840246201,5.847414970,5.847414970,6.003486633,5.947547913,4.693943024,4.831686974,6.024143219,4.609350204,7.869801998,7.823491096,7.871860504,7.870593548,7.871356964,4.565872192,7.822906017,4.609350204,7.791450024,4.681686878,7.872803211,6.941987991,4.652828693,7.739228249,4.881687164,4.931686878,4.544876575]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1855,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1490976093358419,"flow_src_last_pkt_time":1490976114866501,"flow_dst_last_pkt_time":1490976095732113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3149,"flow_dst_tot_l4_payload_len":4067,"midstream":0,"thread_ts_usec":1490976114866501,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":32,"avg":770379.9,"max":19096185,"stddev":3357549.8,"var":11273140961280.0,"ent":1.4,"data": [123577,127990,5388,470526,584,630,42,1232537,1463,5048,697,664,10016,973197,496,53,32,190922,73204,348,171867,142,116971,408177,413652,66693,140934,83299,138,166304,19096185]},"pktlen": {"min":40,"avg":267.5,"max":1500,"stddev":412.9,"var":170449.2,"ent":3.9,"data": [60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342]},"bins": {"c_to_s": [7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0],"entropies": [4.739262104,5.134761333,4.812815189,5.509502888,4.565871716,7.166137695,7.318473339,7.577383041,5.500881672,5.500882149,4.831686974,4.881687164,4.734184265,6.340515137,4.501398087,4.501398087,4.835486889,5.641122818,4.831686974,7.860523701,7.242097378,4.462505341,6.761913776,6.045580387,7.062158108,7.012423515,6.904469013,4.522393703,4.565872192,7.040098190,4.831687450,7.286717415]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976114879774,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114879774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976114879774,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114879774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1490976114879774,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWl1AAEARM1WsECrYrBAqAVG6ADUALQ0pp4sBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="} @@ -818,25 +818,25 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":3,"flow_src_last_pkt_time":1490976115066220,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976115066220,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_src_last_pkt_time":1490976115066341,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976115066341,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"} 00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066464,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX8bRAAEAGVF+sECrYNF7ohrKhAbvIHJqEjYGDWFAYAVerKQAAFgMBAOoBAADmAwMTUXxa84E2F3pyMjY2W\/V+lEhi9FqJ+EKlZzRwMn7VOCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYWloAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066464,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115060908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066464,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066590,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXu1RAAEAGir+sECrYNF7ohrKgAbstn9Bj0Qs3IlAYAVf4uwAAFgMBAOoBAADmAwP360WETO0hSDqvk2qAYkKwSgYBIFaAvPrL9FgCIcYj3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYiooAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115061052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066590,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066798,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXmqRAAEAGq2+sECrYNF7ohrKiAbt67fGRhH1dDlAYAVcYsgAAFgMBAOoBAADmAwO2XSVDdXNQjGmQUibPeB5qMKhST7rrpP3BhCu+r5mY3yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYSkoAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066798,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115061096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066798,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115066928,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX7M1AAEAGWUasECrYNF7ohrKjAbuMuIgApZSj01AYAVdJYgAAFgMBAOoBAADmAwN\/4n78\/jPCxa1OijX2MR8fx7sU0O7ARqXBjxgvMTAhtiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066928,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115061168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115066928,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976115067054,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXCnRAAEAGO6CsECrYNF7ohrKkAbvN5GFIckqrkVAYAVfgTwAAFgMBAOoBAADmAwOHALGigIjvApxLIe0mGRpTgcLEUyJobZ3dCQZJexl6RCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYqqoAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115067054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115061264,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115067054,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115189981,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9YoNAAOcGPSo0XuiGrBAq2AG7sqGNgYNYyBybc1AYf\/ijGAAAFgMBAEoCAABGAwFY3n1zINgI1Vy\/FXdUMuPvUGDLWthjR2H7WINeUtzlBCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115189981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976115066464,"flow_dst_last_pkt_time":1490976115189981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115189981,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200136,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ReVAAOcGWcg0XuiGrBAq2AG7sqKEfV0Oeu3ygFAYf\/ig1AAAFgMBAEoCAABGAwFY3n1zJme6pFAslczvpX19TcUFgg3DbLK17SjfiEEQUyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200136,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976115066798,"flow_dst_last_pkt_time":1490976115200136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200136,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200184,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RCRAAOcGW4k0XuiGrBAq2AG7sqDRCzciLZ\/RUlAYf\/gsyQAAFgMBAEoCAABGAwFY3n1zE6Tufw7kJSJXbVavRo\/6lNuOwDxaW+i7VIwIKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976115066590,"flow_dst_last_pkt_time":1490976115200184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200184,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115200219,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RepAAOcGWcM0XuiGrBAq2AG7sqOllKPTjLiI71AYf\/jGMAAAFgMBAEoCAABGAwFY3n1zTn6J09aDxTBb8TVltBdGJeEW\/LDcikVqGAruryCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976115066928,"flow_dst_last_pkt_time":1490976115200219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115200219,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976115201662,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB95rdAAOcGuPU0XuiGrBAq2AG7sqRySquRzeRiN1AYf\/gEdwAAFgMBAEoCAABGAwFY3n1z\/bQjY2ZjlLbA3DZTa+cwMTsfQ+lvAGzSBsvFwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115201662,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976115067054,"flow_dst_last_pkt_time":1490976115201662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976115201662,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115835926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1490976115835926,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 01135{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976115835926,"flow_src_last_pkt_time":1490976115835926,"flow_dst_last_pkt_time":1490976115835926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976115835926,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} @@ -1004,9 +1004,9 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_src_last_pkt_time":1490976150029230,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976150125051,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":3,"flow_src_last_pkt_time":1490976150126970,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976150126970,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"} 00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976150127984,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX6ylAAEAGWuqsECrYNF7ohrK2AbvOUJPPtBCaw1AYAVchEAAAFgMBAOoBAADmAwOKdjFFpOOXsbbSqMMeJaFC\/d12VQO5ox2KdTo39VCnrCB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYSkoAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150127984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150125051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150127984,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196553,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976150196553,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAokKxAAOcGD1Y0XuiGrBAq2AG7sra0EJrDzlCUvlAQf\/jVuQAAAAAAAAAA"} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976150196755,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976150127984,"flow_dst_last_pkt_time":1490976150196755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976150196755,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022741105,"flow_src_last_pkt_time":1490976022741164,"flow_dst_last_pkt_time":1490976022741105,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00937{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2517,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976022731312,"flow_src_last_pkt_time":1490976022731374,"flow_dst_last_pkt_time":1490976022731312,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976150210618,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1490976029248822,"flow_src_last_pkt_time":1490976030758212,"flow_dst_last_pkt_time":1490976150757970,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5474,"flow_dst_tot_l4_payload_len":6814,"midstream":0,"thread_ts_usec":1490976150757970,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":3968339.8,"max":120002762,"stddev":21185284.0,"var":448816230694912.0,"ent":0.3,"data": [77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69]},"pktlen": {"min":52,"avg":436.5,"max":1500,"stddev":570.0,"var":324877.8,"ent":3.9,"data": [60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52]},"bins": {"c_to_s": [9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0],"s_to_c": [7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1],"entropies": [4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} @@ -1015,9 +1015,9 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_src_last_pkt_time":1490976158680003,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976158840127,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_src_last_pkt_time":1490976158841362,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976158841362,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"} 00861{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":4,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976158842060,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX\/opAAEAGR4msECrYNF7ohrK3Abt2joLEmDOqGlAYAVepYwAAFgMBAOoBAADmAwPtGRNrH\/FF66PH1PCooAX1Dd1\/3OeWvWeSDYxuFGcUDiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976158842060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976158840127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976158842060,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":5,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976159147892,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ZJ1AAOcGOxA0XuiGrBAq2AG7sreYM6oado6Ds1AYf\/jWEQAAFgMBAEoCAABGAwFY3n2ejsBVJxuO9LpSs5v2aSzauuFSRGgpga0DGSdUzyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976159147892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976158842060,"flow_dst_last_pkt_time":1490976159147892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976159147892,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 01055{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1490976027958387,"flow_src_last_pkt_time":1490976030758514,"flow_dst_last_pkt_time":1490976027958387,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976031691694,"flow_src_last_pkt_time":1490976032855148,"flow_dst_last_pkt_time":1490976032852924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":808,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":808,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1490976035553389,"flow_src_last_pkt_time":1490976036358790,"flow_dst_last_pkt_time":1490976036357145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":707,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1768,"flow_dst_tot_l4_payload_len":3944,"midstream":0,"thread_ts_usec":1490976160361375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} @@ -1043,23 +1043,23 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_src_last_pkt_time":1490976169531098,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976169726806,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":3,"flow_src_last_pkt_time":1490976169729899,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976169729899,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":4,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1490976169731050,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXanZAAEAG252sECrYNF7ohrK4AbvvmurzcBF5W1AYAVfzhwAAFgMBAOoBAADmAwNQGProSMl78hAUDaTmTX5yUTx4scZiFRjHHV08S9IO6yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976169731050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169726806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976169731050,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":5,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_usec":1490976169888180,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9eExAAOcGJ2E0XuiGrBAq2AG7srhwEXlb75rr4lAYf\/iM1wAAFgMBAEoCAABGAwFY3n2pJltIvltxhfK2SiAqZURuo+oby5xQQ9okKpdqHCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976169888180,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976169731050,"flow_dst_last_pkt_time":1490976169888180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976169888180,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976041870965,"flow_src_last_pkt_time":1490976042512458,"flow_dst_last_pkt_time":1490976042511689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":766,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1346,"flow_dst_tot_l4_payload_len":5556,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976047014580,"flow_src_last_pkt_time":1490976048924178,"flow_dst_last_pkt_time":1490976048922012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":5741,"flow_dst_tot_l4_payload_len":1061,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01051{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":19,"flow_first_seen":1490976047050685,"flow_src_last_pkt_time":1490976048924429,"flow_dst_last_pkt_time":1490976048922814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":21470,"flow_dst_tot_l4_payload_len":1061,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"mobileanalytics.us-east-1.amazonaws.com"}} -01143{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976043655892,"flow_dst_last_pkt_time":1490976043654956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4861,"flow_dst_tot_l4_payload_len":5515,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976042405856,"flow_dst_last_pkt_time":1490976042404787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1098,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976042398416,"flow_dst_last_pkt_time":1490976042395904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1428,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976046415971,"flow_dst_last_pkt_time":1490976046413320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1178,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3736,"flow_dst_tot_l4_payload_len":2649,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976046417844,"flow_dst_last_pkt_time":1490976046413363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1194,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3768,"flow_dst_tot_l4_payload_len":2649,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976046418245,"flow_dst_last_pkt_time":1490976046413440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1146,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":2590,"flow_dst_tot_l4_payload_len":1812,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976046415716,"flow_dst_last_pkt_time":1490976046413197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1428,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976046418508,"flow_dst_last_pkt_time":1490976046413500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976046418383,"flow_dst_last_pkt_time":1490976046413470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976048924554,"flow_dst_last_pkt_time":1490976048922912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1194,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":3486,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976048927819,"flow_dst_last_pkt_time":1490976048926772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976041156517,"flow_src_last_pkt_time":1490976043655892,"flow_dst_last_pkt_time":1490976043654956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1114,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4861,"flow_dst_tot_l4_payload_len":5515,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976041384197,"flow_src_last_pkt_time":1490976042405856,"flow_dst_last_pkt_time":1490976042404787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1098,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976041400900,"flow_src_last_pkt_time":1490976042398416,"flow_dst_last_pkt_time":1490976042395904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1428,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1490976044189172,"flow_src_last_pkt_time":1490976046415971,"flow_dst_last_pkt_time":1490976046413320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1178,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3736,"flow_dst_tot_l4_payload_len":2649,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1490976044219115,"flow_src_last_pkt_time":1490976046417844,"flow_dst_last_pkt_time":1490976046413363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1194,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3768,"flow_dst_tot_l4_payload_len":2649,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1490976044488653,"flow_src_last_pkt_time":1490976046418245,"flow_dst_last_pkt_time":1490976046413440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1146,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":2590,"flow_dst_tot_l4_payload_len":1812,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1490976044502988,"flow_src_last_pkt_time":1490976046415716,"flow_dst_last_pkt_time":1490976046413197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":1428,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1490976044509891,"flow_src_last_pkt_time":1490976046418508,"flow_dst_last_pkt_time":1490976046413500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1490976044521564,"flow_src_last_pkt_time":1490976046418383,"flow_dst_last_pkt_time":1490976046413470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1490976046418630,"flow_src_last_pkt_time":1490976048924554,"flow_dst_last_pkt_time":1490976048922912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1194,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":3486,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976047096758,"flow_src_last_pkt_time":1490976048927819,"flow_dst_last_pkt_time":1490976048926772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01145{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1490976044439648,"flow_src_last_pkt_time":1490976046418120,"flow_dst_last_pkt_time":1490976046413394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":996,"flow_dst_max_l4_payload_len":183,"flow_src_tot_l4_payload_len":1992,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":38,"flow_first_seen":1490976041942417,"flow_src_last_pkt_time":1490976046399542,"flow_dst_last_pkt_time":1490976046398342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7185,"flow_dst_tot_l4_payload_len":34248,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1490976041961796,"flow_src_last_pkt_time":1490976042341365,"flow_dst_last_pkt_time":1490976042200368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":5353,"midstream":0,"thread_ts_usec":1490976171313736,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} @@ -1100,37 +1100,37 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177232232,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177232232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177232543,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177232543,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177233706,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3k5BAAEAGe+esECrYNu8cssZsAbvv1RDxxhHYKlAYAVegdQAAFgMBAMoBAADGAwNlXadIw7yx7VLHe4UdO3wZiu\/EcwTKyJ+o5joejNiDegAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfaqqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhaWgAdABcAGEpKAAEA"} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177233706,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177226809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177233706,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177235757,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3pC5AAEAGa0msECrYNu8cssZtAbubwSdU47ys2VAYAVdEqAAAFgMBAMoBAADGAwPJsGFZNlhJRMty6KrMnV1YFeE+Nh3uPX+8iS4ufNPtYgAAIMrKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfWpqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGFpaAAEA"} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177235757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177226953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177235757,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177276176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177276176,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177276176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976177276176,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_src_last_pkt_time":1490976177276176,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976177409998,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177410580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177410580,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZxAAOcGRfY27xyyrBAq2AG7xmzGEdgq79URwFAYf\/krDwAAFgMBDLwCAABGAwFY3n2xoE\/i6JhK5Md85LDgTL+hjMKOoOipyrc3Qs63NyBbMnlmo5paikbiPJoGHJv6QkaI+z+FCbdHU5bqJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177411170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177411170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177233706,"flow_dst_last_pkt_time":1490976177411170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177411170,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177411710,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177411710,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8VAAOcGC8027xyyrBAq2AG7xm3jvKzZm8EoI1AYf\/nh\/QAAFgMBDLwCAABGAwFY3n2xaq9TiacLU53\/Dedeq5VgVwSB6e5nEATT\/X1YcSB4k7UGdAl7o2Fj7GR\/vQXOKrGMzABpKlhDsMZpJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177412370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177412370,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976177235757,"flow_dst_last_pkt_time":1490976177412370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177412370,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":1490976177416579,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976177416579,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"} 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":4,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976177419812,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3ZilAAEAGqU6sECrYNu8cssZvAbuB1uWpMeRpe1AYAVfk5AAAFgMBAMoBAADGAwMsuk8budl5l63szylFKYvttXtVR+FVs3ji\/ibU4XOTkgAAICoqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGBoaAAEA"} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177419812,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177409998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976177419812,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2642,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":5,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177551603,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976177551603,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcFAAOcG0dA27xyyrBAq2AG7xm8x5Gl7gdbmeFAYf\/ku2AAAFgMBDLwCAABGAwFY3n2xtTCgBX2XxOgCNPe4QWinehtmaqxVaZztY5JDAyCbTc\/lJnWdRZ6KEAYyDThaI+O9lRqgAB2UK+xdOk8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177553024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177553024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976177419812,"flow_dst_last_pkt_time":1490976177553024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976177553024,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_src_last_pkt_time":1490976178110288,"flow_dst_last_pkt_time":1490976177116910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976178110288,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":3,"flow_src_last_pkt_time":1490976178110288,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976178284687,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":4,"flow_src_last_pkt_time":1490976178285843,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976178285843,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf1AAEAGekmsECrYNu8cssZuAbts9RaFSlzPnVAQAVceVgAA"} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1490976180796726,"flow_dst_last_pkt_time":1490976055356710,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_usec":1490976180796726,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="} 00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976058103747,"flow_src_last_pkt_time":1490976058813424,"flow_dst_last_pkt_time":1490976058811894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":4158,"flow_dst_tot_l4_payload_len":551,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976055604779,"flow_dst_last_pkt_time":1490976055601585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1146,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":2590,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058806854,"flow_dst_last_pkt_time":1490976058804936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3816,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976054009715,"flow_src_last_pkt_time":1490976055604779,"flow_dst_last_pkt_time":1490976055601585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1146,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":2590,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976057977153,"flow_src_last_pkt_time":1490976058806854,"flow_dst_last_pkt_time":1490976058804936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":837,"flow_src_tot_l4_payload_len":3816,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01008{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976133936541,"flow_src_last_pkt_time":1490976133936541,"flow_dst_last_pkt_time":1490976134135541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1490976180796726,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ecx.images-amazon.com"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186164818,"flow_dst_last_pkt_time":1490976186164818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186164818,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1490976186164818,"flow_dst_last_pkt_time":1490976186164818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976186164818,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_src_last_pkt_time":1490976186164818,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976186394721,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_src_last_pkt_time":1490976186398073,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976186398073,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"} 00814{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":4,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1490976186398375,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3hh1AAEAGiVqsECrYNu8cssZwAbtODwEd3KZUiFAYAVcX6AAAFgMBAMoBAADGAwNIp1N542sFVSo0EG+FRg60u0Yye1+MLqKN0bYZ2TEvIQAAIEpKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfVpaAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGHp6AAEA"} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186398375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186394721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186398375,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":5,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186550555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976186550555,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACpAAOcGY2g27xyyrBAq2AG7xnDcplSITg8B7FAYf\/kOiwAAFgMBDLwCAABGAwFY3n26REB5NKXR3I9dkWggmGDU6jpRlw5FpVJBuUrB1SCeZzFPhCqe0IawM80i0LIK\/kW95mA05nnVAtHMuFIHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -01970{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186551062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976186551062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +01986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186398375,"flow_dst_last_pkt_time":1490976186551062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976186551062,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com","domainame":"pitangui.amazon.com","tls": {"version":"TLSv1.2","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t12d1510h2_f0daf39aad75_e69ac49eb88f","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","advertised_alpns":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186818047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1490976186818047,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"} 01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186818047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976186818047,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com","domainame":"mobileanalytics.us-east-1.amazonaws.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} @@ -1153,12 +1153,12 @@ 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187511761,"flow_dst_last_pkt_time":1490976187511761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187511761,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1490976187511761,"flow_dst_last_pkt_time":1490976187511761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976187511761,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1490976187511761,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1490976187571606,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="} -02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2741,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187574979,"flow_dst_last_pkt_time":1490976187571653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4012,"midstream":0,"thread_ts_usec":1490976187574979,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":112,"avg":664331.6,"max":8001087,"stddev":1905246.8,"var":3629965115392.0,"ent":2.5,"data": [133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048]},"pktlen": {"min":40,"avg":424.7,"max":1500,"stddev":584.7,"var":341856.6,"ent":3.8,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40]},"bins": {"c_to_s": [9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0],"entropies": [4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2741,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187574979,"flow_dst_last_pkt_time":1490976187571653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4012,"midstream":0,"thread_ts_usec":1490976187574979,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":112,"avg":664331.6,"max":8001087,"stddev":1905246.8,"var":3629965115392.0,"ent":2.5,"data": [133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048]},"pktlen": {"min":40,"avg":424.7,"max":1500,"stddev":584.7,"var":341856.6,"ent":3.8,"data": [60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40]},"bins": {"c_to_s": [9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0],"entropies": [4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164]},"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":3,"flow_src_last_pkt_time":1490976187575232,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976187575232,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"} 00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":4,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1490976187577439,"pkt":"AMDKkaPvePiC0\/vCCABFAADWIb5AAEAG7dqsECrYNu8cspdlAbtMyaY0Agy8q1AYAVf+iAAAFgMBAKkBAAClAwG16AV0b+GAfYYNp1IOTvu8DJ0f7IEfHu7urYszcZFfGCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"} 01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187571606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976187577439,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 02499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":5,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187703787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1490976187703787,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc5VlAAOcGfjg27xyyrBAq2AG7l2UCDLyrTMmm4lAYf\/o3xAAAFgMBDLwCAABGAwFY3n27mBV2WbDPq95nUgHVHgPA3C3vs5uXZdBrRcVDiCCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="} -02012{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187704396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976187704396,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} +02028{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976187577439,"flow_dst_last_pkt_time":1490976187704396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":3265,"midstream":0,"thread_ts_usec":1490976187704396,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"","domainame":"","tls": {"version":"TLSv1","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24","blocks":0}}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":5,"flow_src_last_pkt_time":1490976195480744,"flow_dst_last_pkt_time":1490976178284687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1490976195480744,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf5AAEAGekisECrYNu8cssZuAbts9RaFSlzPnVARAVceVQAA"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976195484942,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195484942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976195484942,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195484942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1490976195484942,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="} @@ -1229,12 +1229,12 @@ 01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196075142,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976196079939,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":5,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1490976196143111,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoKCNAAOcGQSM27xyyrBAq2AG74sBbwNFwZBCoN1AQf\/rnWwAAAAAAAAAA"} 01384{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2925,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1490976196016602,"flow_src_last_pkt_time":1490976196079939,"flow_dst_last_pkt_time":1490976196143271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":85,"midstream":0,"thread_ts_usec":1490976196143271,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1","ja3s":"18e962e106761869a61045bed0e81c2c","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","blocks":0}}} -01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976075975082,"flow_dst_last_pkt_time":1490976075957057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3582,"flow_dst_tot_l4_payload_len":5044,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976075950122,"flow_dst_last_pkt_time":1490976075948173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":3873,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976075957794,"flow_dst_last_pkt_time":1490976075955793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":3630,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976075949846,"flow_dst_last_pkt_time":1490976075948034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":6240,"flow_dst_tot_l4_payload_len":591,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976075957661,"flow_dst_last_pkt_time":1490976075955747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976075957279,"flow_dst_last_pkt_time":1490976075955548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1490976071286664,"flow_src_last_pkt_time":1490976075975082,"flow_dst_last_pkt_time":1490976075957057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3582,"flow_dst_tot_l4_payload_len":5044,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976071306483,"flow_src_last_pkt_time":1490976075950122,"flow_dst_last_pkt_time":1490976075948173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":3873,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071349196,"flow_src_last_pkt_time":1490976075957794,"flow_dst_last_pkt_time":1490976075955793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":3630,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976071380614,"flow_src_last_pkt_time":1490976075949846,"flow_dst_last_pkt_time":1490976075948034,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":6240,"flow_dst_tot_l4_payload_len":591,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01115{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1490976071385523,"flow_src_last_pkt_time":1490976075957661,"flow_dst_last_pkt_time":1490976075955747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":138,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1490976071583104,"flow_src_last_pkt_time":1490976075957279,"flow_dst_last_pkt_time":1490976075955548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01033{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1490976071237623,"flow_src_last_pkt_time":1490976075957509,"flow_dst_last_pkt_time":1490976075955700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":780,"flow_dst_max_l4_payload_len":1346,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":1346,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.AmazonAlexa","proto_id":"7.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"alexa.amazon.com"}} 01020{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1490976064452332,"flow_src_last_pkt_time":1490976068180386,"flow_dst_last_pkt_time":1490976068174801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7862,"flow_dst_tot_l4_payload_len":9710,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.amazon.com"}} 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2931,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976064328375,"flow_src_last_pkt_time":1490976064897914,"flow_dst_last_pkt_time":1490976064895983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":5083,"flow_dst_tot_l4_payload_len":547,"midstream":0,"thread_ts_usec":1490976196149644,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} @@ -1314,7 +1314,7 @@ 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1490976041680864,"flow_src_last_pkt_time":1490976168960939,"flow_dst_last_pkt_time":1490976041680864,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01109{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","domainame":"","http": {}}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1490976085883325,"flow_src_last_pkt_time":1490976149040436,"flow_dst_last_pkt_time":1490976085883325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976190310465,"flow_dst_last_pkt_time":1490976190271131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5660,"flow_dst_tot_l4_payload_len":3521,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01239{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976187511761,"flow_src_last_pkt_time":1490976190310465,"flow_dst_last_pkt_time":1490976190271131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1290,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5660,"flow_dst_tot_l4_payload_len":3521,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976164994460,"flow_src_last_pkt_time":1490976164994460,"flow_dst_last_pkt_time":1490976165058589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1490976090991595,"flow_src_last_pkt_time":1490976094931678,"flow_dst_last_pkt_time":1490976094927244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":700,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":4216,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00931{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976091048429,"flow_src_last_pkt_time":1490976094931528,"flow_dst_last_pkt_time":1490976094927214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} @@ -1329,25 +1329,25 @@ 01148{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1490976136930982,"flow_src_last_pkt_time":1490976140745901,"flow_dst_last_pkt_time":1490976140742729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":6666,"flow_dst_tot_l4_payload_len":7020,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"skills-store.amazon.com"}} 01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976142629437,"flow_src_last_pkt_time":1490976148981070,"flow_dst_last_pkt_time":1490976148979222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":1369,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490976023267639,"flow_src_last_pkt_time":1490976023267639,"flow_dst_last_pkt_time":1490976023267639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01143{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":24,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976098828477,"flow_dst_last_pkt_time":1490976098827474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":16338,"flow_dst_tot_l4_payload_len":5015,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976088478616,"flow_dst_last_pkt_time":1490976088474318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":3641,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976088478745,"flow_dst_last_pkt_time":1490976088474363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":549,"flow_src_tot_l4_payload_len":1908,"flow_dst_tot_l4_payload_len":687,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":24,"flow_first_seen":1490976085644885,"flow_src_last_pkt_time":1490976098828477,"flow_dst_last_pkt_time":1490976098827474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":16338,"flow_dst_tot_l4_payload_len":5015,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":9,"flow_first_seen":1490976085829927,"flow_src_last_pkt_time":1490976088478616,"flow_dst_last_pkt_time":1490976088474318,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":3641,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976085832410,"flow_src_last_pkt_time":1490976088478745,"flow_dst_last_pkt_time":1490976088474363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":549,"flow_src_tot_l4_payload_len":1908,"flow_dst_tot_l4_payload_len":687,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1490976085884523,"flow_src_last_pkt_time":1490976088478345,"flow_dst_last_pkt_time":1490976088474183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01102{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976094930868,"flow_dst_last_pkt_time":1490976094926813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01144{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976098828773,"flow_dst_last_pkt_time":1490976098827615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11639,"flow_dst_tot_l4_payload_len":7245,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01143{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976110046973,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01142{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":18,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976094931279,"flow_dst_last_pkt_time":1490976094927090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":9904,"flow_dst_tot_l4_payload_len":2867,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976107676457,"flow_dst_last_pkt_time":1490976107673300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":645,"flow_src_tot_l4_payload_len":6604,"flow_dst_tot_l4_payload_len":1412,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976111839243,"flow_dst_last_pkt_time":1490976111837462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":9374,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976117017810,"flow_dst_last_pkt_time":1490976117015060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":655,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976116921018,"flow_dst_last_pkt_time":1490976116919339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976117017178,"flow_dst_last_pkt_time":1490976117015012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976117016896,"flow_dst_last_pkt_time":1490976117014871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":1972,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976120960098,"flow_dst_last_pkt_time":1490976120957858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":4892,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976164211909,"flow_dst_last_pkt_time":1490976164210095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":1268,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976164214328,"flow_dst_last_pkt_time":1490976164210237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":2190,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976175920517,"flow_dst_last_pkt_time":1490976175918861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":805,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976088605994,"flow_src_last_pkt_time":1490976094930868,"flow_dst_last_pkt_time":1490976094926813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1490976088631582,"flow_src_last_pkt_time":1490976098828773,"flow_dst_last_pkt_time":1490976098827615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11639,"flow_dst_tot_l4_payload_len":7245,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01159{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":11,"flow_first_seen":1490976088937719,"flow_src_last_pkt_time":1490976110046973,"flow_dst_last_pkt_time":1490976110045165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":901,"flow_src_tot_l4_payload_len":10414,"flow_dst_tot_l4_payload_len":1844,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01158{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":18,"flow_first_seen":1490976088958157,"flow_src_last_pkt_time":1490976094931279,"flow_dst_last_pkt_time":1490976094927090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":9904,"flow_dst_tot_l4_payload_len":2867,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1490976089227335,"flow_src_last_pkt_time":1490976107676457,"flow_dst_last_pkt_time":1490976107673300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":645,"flow_src_tot_l4_payload_len":6604,"flow_dst_tot_l4_payload_len":1412,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01121{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":11,"flow_first_seen":1490976089239508,"flow_src_last_pkt_time":1490976111839243,"flow_dst_last_pkt_time":1490976111837462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":9374,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114885072,"flow_src_last_pkt_time":1490976117017810,"flow_dst_last_pkt_time":1490976117015060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":655,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114894065,"flow_src_last_pkt_time":1490976116921018,"flow_dst_last_pkt_time":1490976116919339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":703,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":8,"flow_first_seen":1490976114906930,"flow_src_last_pkt_time":1490976117017178,"flow_dst_last_pkt_time":1490976117015012,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1093,"flow_src_tot_l4_payload_len":3384,"flow_dst_tot_l4_payload_len":1231,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1490976114921759,"flow_src_last_pkt_time":1490976117016896,"flow_dst_last_pkt_time":1490976117014871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":1972,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1490976114940294,"flow_src_last_pkt_time":1490976120960098,"flow_dst_last_pkt_time":1490976120957858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":501,"flow_src_tot_l4_payload_len":4892,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1490976150029230,"flow_src_last_pkt_time":1490976164211909,"flow_dst_last_pkt_time":1490976164210095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":565,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":1268,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":9,"flow_first_seen":1490976158680003,"flow_src_last_pkt_time":1490976164214328,"flow_dst_last_pkt_time":1490976164210237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":485,"flow_src_tot_l4_payload_len":2190,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1490976169531098,"flow_src_last_pkt_time":1490976175920517,"flow_dst_last_pkt_time":1490976175918861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":805,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01157{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1490976067968666,"flow_src_last_pkt_time":1490976071076849,"flow_dst_last_pkt_time":1490976168824692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":23045,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"api.amazon.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976196840676,"flow_src_last_pkt_time":1490976196840676,"flow_dst_last_pkt_time":1490976196938799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976090796987,"flow_src_last_pkt_time":1490976090796987,"flow_dst_last_pkt_time":1490976090982120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"s3-external-2.amazonaws.com"}} @@ -1378,18 +1378,18 @@ 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976031581495,"flow_src_last_pkt_time":1490976031581495,"flow_dst_last_pkt_time":1490976031687199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"alexa.amazon.com"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976186818047,"flow_src_last_pkt_time":1490976186818047,"flow_dst_last_pkt_time":1490976186879188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com"}} 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976093238253,"flow_src_last_pkt_time":1490976093238253,"flow_dst_last_pkt_time":1490976093355795,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dp-gw-na-js.amazon.com"}} -01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177850302,"flow_dst_last_pkt_time":1490976177810169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2159,"flow_dst_tot_l4_payload_len":4417,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976187290360,"flow_dst_last_pkt_time":1490976187287288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5213,"flow_dst_tot_l4_payload_len":4294,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1490976177116210,"flow_src_last_pkt_time":1490976177850302,"flow_dst_last_pkt_time":1490976177810169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2159,"flow_dst_tot_l4_payload_len":4417,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1490976177116594,"flow_src_last_pkt_time":1490976187290360,"flow_dst_last_pkt_time":1490976187287288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5213,"flow_dst_tot_l4_payload_len":4294,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00933{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1490976177116910,"flow_src_last_pkt_time":1490976195547004,"flow_dst_last_pkt_time":1490976195546035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01144{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187754826,"flow_dst_last_pkt_time":1490976187753096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4566,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"pitangui.amazon.com"}} -01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186790474,"flow_dst_last_pkt_time":1490976186758377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":730,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01160{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":17,"flow_first_seen":1490976177276176,"flow_src_last_pkt_time":1490976187754826,"flow_dst_last_pkt_time":1490976187753096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":8229,"flow_dst_tot_l4_payload_len":4566,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant","hostname":"pitangui.amazon.com"}} +01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1490976186164818,"flow_src_last_pkt_time":1490976186790474,"flow_dst_last_pkt_time":1490976186758377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":730,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1263,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027724821,"flow_src_last_pkt_time":1490976027724821,"flow_dst_last_pkt_time":1490976027725831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976043611721,"flow_src_last_pkt_time":1490976043611721,"flow_dst_last_pkt_time":1490976043811357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fls-na.amazon.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976064333083,"flow_src_last_pkt_time":1490976064333083,"flow_dst_last_pkt_time":1490976064448088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com"}} 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1490976030894150,"flow_src_last_pkt_time":1490976194743282,"flow_dst_last_pkt_time":1490976194740400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":9283,"flow_dst_tot_l4_payload_len":4582,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976024857901,"flow_src_last_pkt_time":1490976024994180,"flow_dst_last_pkt_time":1490976024992071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.android.com"}} -01338{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976176431262,"flow_dst_last_pkt_time":1490976176430015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1650,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01354{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1490976071392707,"flow_src_last_pkt_time":1490976176431262,"flow_dst_last_pkt_time":1490976176430015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1130,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1650,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.AmazonAlexa","proto_id":"91.110","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":32,"category":"VirtAssistant"}} 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976107217569,"flow_src_last_pkt_time":1490976107217569,"flow_dst_last_pkt_time":1490976107359299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":57,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"skills-store.amazon.com"}} 01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195484942,"flow_src_last_pkt_time":1490976195484942,"flow_dst_last_pkt_time":1490976195524157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029184743,"flow_src_last_pkt_time":1490976029184743,"flow_dst_last_pkt_time":1490976029244910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.amazon.com"}} @@ -1405,14 +1405,14 @@ 01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mads.amazon-adsystem.com"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976027514649,"flow_src_last_pkt_time":1490976027514649,"flow_dst_last_pkt_time":1490976027560355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":79,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":79,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mtalk.google.com"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976114879774,"flow_src_last_pkt_time":1490976114879774,"flow_dst_last_pkt_time":1490976114880618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} -01119{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976030370083,"flow_dst_last_pkt_time":1490976171313736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":588,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":4079,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01145{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1490976029756146,"flow_src_last_pkt_time":1490976030370083,"flow_dst_last_pkt_time":1490976171313736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":588,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":945,"flow_dst_tot_l4_payload_len":4079,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041770147,"flow_src_last_pkt_time":1490976041770147,"flow_dst_last_pkt_time":1490976041866893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":73,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":73,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mobileanalytics.us-east-1.amazonaws.com"}} 01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1490976027733585,"flow_src_last_pkt_time":1490976027826378,"flow_dst_last_pkt_time":1490976027824538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":83,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":83,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Google","proto_id":"7.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.android.com"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976041150466,"flow_src_last_pkt_time":1490976041150466,"flow_dst_last_pkt_time":1490976041151487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pitangui.amazon.com"}} 01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976024847601,"flow_src_last_pkt_time":1490976024847601,"flow_dst_last_pkt_time":1490976024848551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.android.com"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976035502440,"flow_src_last_pkt_time":1490976035502440,"flow_dst_last_pkt_time":1490976035549103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"cognito-identity.us-east-1.amazonaws.com"}} 01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1490976196223999,"flow_src_last_pkt_time":1490976196880268,"flow_dst_last_pkt_time":1490976196870225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":666,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1652,"flow_dst_tot_l4_payload_len":23158,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} +00866{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.15.0-5258-f8869cd","ndpi_api_version":12317,"size_per_flow":1384,"packets-captured":3103,"packets-processed":3074,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":143,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":1415,"global_ts_usec":1490976198776068} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3103/3074 ~~ skipped flows.............: 0 @@ -1421,9 +1421,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 10410119 bytes -~~ total memory freed........: 10410119 bytes -~~ total allocations/frees...: 150753/150753 +~~ total memory allocated....: 11185912 bytes +~~ total memory freed........: 11185912 bytes +~~ total allocations/frees...: 155651/155651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 300 chars ~~ json message max len.......: 2508 chars |