aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/android.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/android.pcap.out')
-rw-r--r--test/results/default/android.pcap.out96
1 files changed, 48 insertions, 48 deletions
diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out
index d56965a27..eeca9833f 100644
--- a/test/results/default/android.pcap.out
+++ b/test/results/default/android.pcap.out
@@ -1,5 +1,5 @@
-00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338}
+00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1582454769772338,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
@@ -113,24 +113,24 @@
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867723627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454867723627,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867723627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867723627,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"play.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"thread_ts_usec":1582454867759068,"pkt":"xiwDYGpkTGr2n\/YnCABFAADaoxtAAEAG1OLAqAIQ2O8meIDOAbtPCpBt7LnzAIAYAVcMzgAAAQEICv\/\/M4cG5BElFgMBAKEBAACdAwMRGw5cHdksc9heZfp3I+xA9Dx3FfWs\/ESCI9YfdinRawAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABY\/wEAAQAAAAAYABYAABNjbGllbnRzMS5nb29nbGUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAALAAIBAAAKAAgABgAdABcAGA=="}
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867759068,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867702373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454867759068,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454867761577,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454867761577,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"play.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867772247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454867772247,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA044kAAHYGnxrY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPAldAAAAQEICgbkEWz\/\/zOH"}
-01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867788871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454867788871,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}}
-02630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867789734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1582454867789734,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}}
+01345{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867788871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454867788871,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}}
+02675{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454867688207,"flow_src_last_pkt_time":1582454867759068,"flow_dst_last_pkt_time":1582454867789734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":166,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1582454867789734,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients1.google.com","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868348648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868348648,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868348648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868348648,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868348648,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868386134,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868386954,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868386954,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00799{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_usec":1582454868424791,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtA3dAAEAGsrjAqAIQrNkUSs0GAbvbqzdw1o6NxYAYAVdNBgAAAQEICv\/\/NC29hJeeFgMBALQBAACwAwMhPT2KHzHW0LHLGe6T2CwyHBBvprpU2QgwVPHkrHLB\/AAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABr\/wEAAQAAAAAYABYAABNwbGF5Lmdvb2dsZWFwaXMuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
-01140{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868424791,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868386134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868424791,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868461131,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868461131,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0PwMAAHUGguWs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPAhagAAAQEICr2El+r\/\/zQt"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868462800,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1582454868462800,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868462800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868462800,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.gstatic.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
-01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868466397,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
-01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1582454868466414,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}}
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868466397,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
+01951{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868348648,"flow_src_last_pkt_time":1582454868424791,"flow_dst_last_pkt_time":1582454868466414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1582454868466414,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.googleapis.com","tls": {"version":"TLSv1.2","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868503086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1582454868503086,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868462800,"flow_src_last_pkt_time":1582454868462800,"flow_dst_last_pkt_time":1582454868503086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1582454868503086,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"connectivitycheck.gstatic.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868511574,"flow_dst_last_pkt_time":1582454868511574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868511574,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -140,22 +140,22 @@
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868527203,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868559889,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868563343,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868563343,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1582454868563401,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3stdAAEAGBZXAqAIQrNkSA5AaAbtdpoaUbuJmY4AYAVcAOwAAAQEICv\/\/NFBPRk15FgMBAL4BAAC6AwOZySzIWyWPFv9jpx+5YWNqQg+xq9GVJmpUnw7vrnZc6QAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868563401,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868559889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868563401,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868595991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868595991,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0mn4AAHYGKLGs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPDW6gAAAQEICk9GTZ7\/\/zRQ"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868597303,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454868597303,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868597303,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454868597743,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454868597303,"flow_src_last_pkt_time":1582454868597303,"flow_dst_last_pkt_time":1582454868597743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454868597743,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"app-measurement.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}}
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868603874,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
-02570{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3708,"midstream":0,"thread_ts_usec":1582454868603921,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}}
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454868603874,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
+02615{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454868527203,"flow_src_last_pkt_time":1582454868563401,"flow_dst_last_pkt_time":1582454868603921,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":3708,"midstream":0,"thread_ts_usec":1582454868603921,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868606764,"flow_dst_last_pkt_time":1582454866448783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_usec":1582454868606764,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1582454868511574,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454868843663,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1582454868844578,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868844578,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"thread_ts_usec":1582454868936798,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3PHFAAEAGe\/vAqAIQrNkSA5AYAbuCdQgtxrmESoAYAVdmqgAAAQEICv\/\/NK1Rt9ThFgMBAL4BAAC6AwPJiz4b6rt+LTNT4uSDXUKsbprZa0zZMc753ZkGH\/Y+XwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868936798,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868843663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454868936798,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454868964867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454868964867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ft4AAHYGRFGs2RIDwKgCEAG7kBjGuYRKgnUI8IAQAPAwPAAAAQEIClG31Vr\/\/zSt"}
-01160{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454869031105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":872,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1582454869031105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454868511574,"flow_src_last_pkt_time":1582454868936798,"flow_dst_last_pkt_time":1582454869031105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":872,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1582454869031105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":30,"category":"ConnCheck","hostname":"connectivitycheck.gstatic.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869361238,"flow_src_last_pkt_time":1582454869361238,"flow_dst_last_pkt_time":1582454869361238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869361238,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1582454869361238,"flow_dst_last_pkt_time":1582454869361238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1582454869361238,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869361238,"flow_src_last_pkt_time":1582454869361238,"flow_dst_last_pkt_time":1582454869361238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869361238,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mtalk.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -166,12 +166,12 @@
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1582454869517223,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454869556140,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1582454869557517,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454869557517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"thread_ts_usec":1582454869614403,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtoo5AAEAGfxzAqAIQrNmozsTQAbv86peij0W4yoAYAVd6YwAAAQEICv\/\/NVdmsf+JFgMBALQBAACwAwNEQVlrFj9Y47MgZ8vO8k2FXJJ0JJ\/6X8XoKgfa\/cCzYgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABrAAAAGAAWAAATYXBwLW1lYXN1cmVtZW50LmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgE="}
-01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869614403,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869556140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869614403,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454869626114,"flow_src_last_pkt_time":1582454869626114,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454869626114,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1582454869626114,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454869626114,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869652270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454869652270,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA00aQAAHUGW7+s2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAdlwAAAQEICmax\/+r\/\/zVX"}
-01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454869657605,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
-01719{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3201,"midstream":0,"thread_ts_usec":1582454869657623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}}
+01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454869657605,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
+01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1582454869517223,"flow_src_last_pkt_time":1582454869614403,"flow_dst_last_pkt_time":1582454869657623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":3201,"midstream":0,"thread_ts_usec":1582454869657623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"app-measurement.com","tls": {"version":"TLSv1.2","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1582454870649882,"flow_dst_last_pkt_time":1582454869626114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454870649882,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454870996454,"flow_src_last_pkt_time":1582454870996454,"flow_dst_last_pkt_time":1582454870996454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454870996454,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1582454870996454,"flow_dst_last_pkt_time":1582454870996454,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1582454870996454,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
@@ -206,9 +206,9 @@
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871103439,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103439,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871103439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871103439,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871103583,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5xApAAEAGspTAqAIQ2O8meIDeAbsJrvLNIL8rFYAYAVc5mwAAAQEICv\/\/NstclUhuFgMBAgABAAH8AwMxTXvusHBDhpdSzKEoPqQ2o90gb87HP3QFZwA4kEZ\/QyD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHgAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACBI0V5haWJofMB6PMnUO4IQ7keMeAwbqHFyCH7tJ8MoLgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103583,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871088655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871103583,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871105198,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI53w5AAEAGl5DAqAIQ2O8meIDaAbu5DOmx\/LuGm4AYAVc8kAAAAQEICv\/\/NsuJFH+\/FgMBAgABAAH8AwNXR4IBK0icLctGWlxjvV\/JiAB62cpYMwCtfNZyJo3zdyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDrv790wU6es29sORpkI+NUqAeVoQxGptljCga\/6WmGZAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871105198,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871056176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871105198,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115584,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871115584,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871115584,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871115584,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871115584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871115584,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -220,28 +220,28 @@
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871130064,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871130064,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"thread_ts_usec":1582454871131065,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuNAAEAGMsvAqAIQrcJPco\/iAFBu6HApJij0c4AYAVesTgAAAQEICv\/\/NtLBhO\/iR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871094545,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871128611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":297,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871131065,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.DataSaver","proto_id":"7.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":5,"category":"Web","hostname":"check.googlezip.net","http": {"url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36","detected_os":"Android 9"}}}
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871132684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871132684,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871075698,"flow_src_last_pkt_time":1582454871103583,"flow_dst_last_pkt_time":1582454871132684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871132684,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871103439,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871132705,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871135219,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871135219,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871135248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871135248,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871042436,"flow_src_last_pkt_time":1582454871105198,"flow_dst_last_pkt_time":1582454871135248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871135248,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871138480,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5AplAAEAGsMrAqAIQrNkVysrYAbsvYjRd5KJDAoAYAVcUdQAAAQEICv\/\/NtRtKuidFgMBAgABAAH8AwMLzOxtO6hOmIYWfBvitg4r+7Wglg8GVNMAJsb\/jQkPqyB1NOTF0gGFb6IK4+2hAOm9SIxGs64I4ihATDO0kHBwJQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKaqqAAEAAB0AII9uaDFaArcbql7rcKk4GhOXI2ordsjsf6j3VCsurBUOAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAhoaAAEAABUAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871138480,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871132705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871138480,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871152402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871152402,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871152402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871152402,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871131065,"flow_dst_last_pkt_time":1582454871164798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871164798,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03fEAAGcGteWtwk9ywKgCEABQj+ImKPRzbuhxUoAQAPhCcAAAAQEICsGE8Af\/\/zbS"}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871152402,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871166075,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871167064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871167064,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0KaEAAHYGlces2RXKwKgCEAG7ytjkokMCL2I2YoAQAPAJtQAAAQEICm0q6MD\/\/zbU"}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871167424,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871167424,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
-01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871175159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871175159,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871103439,"flow_src_last_pkt_time":1582454871138480,"flow_dst_last_pkt_time":1582454871175159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871175159,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1582454871200149,"pkt":"xiwDYGpkTGr2n\/YnCABFAADo2rtAAEAGnTTAqAIQ2O8meIDkAbvMauxvlTROSYAYAVcGiwAAAQEICv\/\/NuPIBAjeFgMBAK8BAACrAwNFVUmkRCYrsTAD0Sv7c78jm6\/45rXgRFs9zPd5tSprMAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABmAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIB"}
-01128{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871200149,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
+01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871166075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871200149,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871207179,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5\/AlAAEAGepXAqAIQ2O8meIDcAbs4lMrGVf45RYAYAVcaagAAAQEICv\/\/NuUm516WFgMBAgABAAH8AwM37xcvxqGOp1ZnThmurrs0HSWrnpg6Spe\/m2OgtSLfXSCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACAOqSgSSv06T6U6O4sZxiexLl9ocxA7uiPWoPZ34phLJgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871207179,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01356{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871083686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871207179,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.2","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871213549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871213549,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA02kYAAHUGqV3Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPCMDAAAAQEICsgECQ3\/\/zbj"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871221044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871221044,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0bqkAAHYGE\/vY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDfhQAAAQEICibnXyD\/\/zbl"}
-01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871230117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
-01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":2554,"midstream":0,"thread_ts_usec":1582454871230120,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}}
-01356{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871237524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871237524,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871230117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}}
+01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871200149,"flow_dst_last_pkt_time":1582454871230120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":2554,"midstream":0,"thread_ts_usec":1582454871230120,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","ja4":"t12d1409ht_c866b44c5a26_b39be8c56a14","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}}
+01401{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871069614,"flow_src_last_pkt_time":1582454871207179,"flow_dst_last_pkt_time":1582454871237524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871237524,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.PlayStore","proto_id":"91.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","tls": {"version":"TLSv1.3","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171100_5b57614c22b0_3f5d972527c0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292222,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871292222,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454871292222,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871292222,"flow_src_last_pkt_time":1582454871292222,"flow_dst_last_pkt_time":1582454871292222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871292222,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"accounts.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -252,12 +252,12 @@
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871321492,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871334763,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871335705,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871335705,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871339142,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5nfNAAEAG2KvAqAIQ2O8meIDmAbsuQarxOuHFYoAYAVe\/wgAAAQEICv\/\/NwYfL14GFgMBAgABAAH8AwM2HQqqNkiYixPn9BwY+6aPMTBPHUYVai51sP\/t1krD8iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jwAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACDaIvjlTeWP\/EfNzQgKtZHyge+ZIFM5wilp\/lsIRx8ZUQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871339142,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871334763,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871339142,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871343067,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1582454871343067,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871343067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871343067,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"semanticlocation-pa.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871339142,"flow_dst_last_pkt_time":1582454871352300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871352300,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0sbMAAHUG0fDY7yZ4wKgCEAG7gOY64cViLkGs9oAQAPChQgAAAQEICh8vXhj\/\/zcG"}
-01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871359254,"flow_dst_last_pkt_time":1582454871370051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871370051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871321492,"flow_src_last_pkt_time":1582454871359254,"flow_dst_last_pkt_time":1582454871370051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871370051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871383146,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1582454871383146,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871343067,"flow_src_last_pkt_time":1582454871343067,"flow_dst_last_pkt_time":1582454871383146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1582454871383146,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"semanticlocation-pa.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871496841,"flow_src_last_pkt_time":1582454871496841,"flow_dst_last_pkt_time":1582454871496841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871496841,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -275,22 +275,22 @@
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454871601103,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
01088{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600718,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454871601103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"accounts.google.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871614271,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5o7hAAEAGESnAqAIQrNkUTKpyAbt9gJSOD\/piSoAYAVdLzQAAAQEICv\/\/N0uRSuAVFgMBAgABAAH8AwNx38g8c64XBkE7jetV3Cdtn9z0vCweKrcHtwdhHbSQ+SAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZE6OgAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClqagABAAAdACBvCWpMIieU6hTvNOrIocRNkNYDiS7EYWL5ZMqbRo33UAAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871614271,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871614271,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871614271,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871623035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871623035,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871623035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871623035,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871591165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871627484,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7lAAEAGEy3AqAIQrNkUTKpyAbt9gJaTD\/piSoARAVcWUwAAAQEICv\/\/N06RSuAV"}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871623035,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871636179,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871641192,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871641192,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871657677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871657677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1582454871553292,"flow_src_last_pkt_time":1582454871627484,"flow_dst_last_pkt_time":1582454871657677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871657677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871671535,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5E0tAAEAGY1TAqAIQ2O8meIDqAbtXpCQFBCFopIAYAVf46AAAAQEICv\/\/N1mpXP8lFgMBAgABAAH8AwOnqdAL3NdvDJFQu00MJRohbBr\/QjZxpgAY\/BGSZ5WHGyAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSwAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClKSgABAAAdACAb6mJErdFzNWCA7OLn3TVZSxKHowP8hLIwdOOd3\/6PSQAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAKamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871671535,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871636179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871671535,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871676950,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454871676950,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871676950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871676950,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"check.googlezip.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871677331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1582454871677331,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871676950,"flow_src_last_pkt_time":1582454871676950,"flow_dst_last_pkt_time":1582454871677331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454871677331,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"check.googlezip.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871684801,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871684801,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0YMIAAHYGIeLY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPBmhwAAAQEICqlc\/1b\/\/zdZ"}
-01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871702687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871702687,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871623035,"flow_src_last_pkt_time":1582454871671535,"flow_dst_last_pkt_time":1582454871702687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871702687,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454871741833,"flow_dst_last_pkt_time":1582454871741833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871741833,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871741833,"flow_dst_last_pkt_time":1582454871741833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871741833,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871745826,"flow_src_last_pkt_time":1582454871745826,"flow_dst_last_pkt_time":1582454871745826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871745826,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -334,31 +334,31 @@
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871829800,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871867294,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871873337,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871873337,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
01346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":660,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":660,"pkt_l4_len":626,"thread_ts_usec":1582454871879681,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKGCFNAAEAGqsPAqAIQrNkVysroAbtCYT8toOwsPoAYAVfGNQAAAQEICv\/\/N43vemfUFgMBAk0BAAJJAwNrXT7L+PJep4B\/dk8AB+uJB9Pwzmj4f8u29vBYTRHG4CDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbQAiysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAd6qqgAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKcrKAAEAAB0AIA7SNmfcO9z5Fk8eILAkK8oUeEYOBFCgnNeuFUKzBOEGAC0AAgEBACsACwpKSgMEAwMDAgMBABsAAwIAAvr6AAEAACkBDQDoAOIBlHTCUkrnq2qUV7Uc6bRUrJdD\/LtOX9saWvlSIiAibjKIU0wHw9yQxl9yfCDql2xDdrNsm7zbF6\/OGNfdahzYSr6RfqSfTZGLDMZZfk1MJbPFSKnzYvS6jOEo3TW7x+9BZ4+3KDyjSvE5m\/8l2XSPqIu13oiFGgsmpE4gdERCudtURq0Ogikb8MlcSRimaW6Jyuzxd70fGrtNyd8LfqifFc1h2FkIDgK11FO2C2BHwFuqglbOegGmZKZuntDRxgQqNPVB57xYszkl2XDvW62m55mBMYgOxxISmOX9JOYaN4l\/oAeAdwAhICV8acJGk5urIeyURl35qfHipUs4BWNlBpXTDG5xEgou"}
-01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871879681,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871848736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871879681,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.2","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871880409,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5wi1AAEAGtHHAqAIQ2O8meID2AbsYfvWpTGBDc4AYAVfJZAAAAQEICv\/\/N43Dx9w1FgMBAgABAAH8AwOizyXUznqR2zg8twjqz4c\/1LcXNiJz8Xl8G8QuY+oU9yAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcAAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApWloAAQAAHQAg3dtD4+BEPVHHfNtYISH7IY66a0OPmtM6OXNpxMB89XwALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACKioAAQAAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871880409,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871853794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871880409,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871881494,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1582454871881494,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871881494,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871881494,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.googleapis.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454871890562,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5SmxAAEAGanXAqAIQrNkUTKp+Abul3n3r43AruoAYAVdhvAAAAQEICv\/\/N5Dp2ZEZFgMBAgABAAH8AwNXABRh0bUwv02\/tcLYJb8tWNqjNMehgKwAQKR+V6qhpSB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZAAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZHKygAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBLZwILTiy6lRDHwjubzrib1KyQtw7d5xCTjiQBUnoNPgAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871890562,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871867294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871890562,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.2","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871894669,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871894669,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AIIAAHUGgyLY7yZ4wKgCEAG7gPZMYENzGH73roAQAPC5RwAAAQEICsPH3F7\/\/zeN"}
02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1582454871152402,"flow_src_last_pkt_time":1582454871906464,"flow_dst_last_pkt_time":1582454871901421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":819,"flow_dst_tot_l4_payload_len":10828,"midstream":0,"thread_ts_usec":1582454871906464,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":48486.5,"max":404574,"stddev":104241.1,"var":10866214912.0,"ent":3.0,"data": [13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10]},"pktlen": {"min":52,"avg":416.5,"max":1470,"stddev":552.7,"var":305506.2,"ent":3.9,"data": [60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52]},"bins": {"c_to_s": [13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0],"entropies": [4.671797276,5.277319908,5.092563152,5.518131256,5.077241421,7.236341000,7.433474064,5.131024837,5.131024837,6.086913109,7.119209766,4.962661266,7.515064716,4.947339535,5.439514160,5.038779736,7.633175850,5.015639782,7.866302967,7.846067905,7.867026806,7.835390091,5.092563152,7.847195148,7.413039684,5.580356598,5.054101467,5.092563152,5.054101467,5.092563152,5.015639782,4.977178097]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871911317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871911317,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871839297,"flow_src_last_pkt_time":1582454871880409,"flow_dst_last_pkt_time":1582454871911317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871911317,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871913560,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ogoAAHYGHV6s2RXKwKgCEAG7yuig7Cw+QmFBf4AQAPBDpgAAAQEICu96aBT\/\/zeN"}
-01243{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1582454871913572,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871814833,"flow_src_last_pkt_time":1582454871879681,"flow_dst_last_pkt_time":1582454871913572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":594,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":594,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1582454871913572,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"datasaver.googleapis.com","tls": {"version":"TLSv1.3","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t00d1615h2_46e7e9700bed_13c35ee53a8e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871920611,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1582454871920611,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
01098{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871881494,"flow_src_last_pkt_time":1582454871881494,"flow_dst_last_pkt_time":1582454871920611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1582454871920611,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"android.googleapis.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871928396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871928396,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0++4AAHUGxfes2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBd+wAAAQEICunZkVb\/\/zeQ"}
-01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871933947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871933947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871829800,"flow_src_last_pkt_time":1582454871890562,"flow_dst_last_pkt_time":1582454871933947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454871933947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DataSaver","proto_id":"91.46","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"proxy.googlezip.net","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t00d1615h2_46e7e9700bed_45f260be83e2","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871947536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454871947536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871947536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871947536,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1582454871947536,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454871972438,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1582454871974035,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454871974035,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454872014369,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5i1VAAEAGJ87AqAIQrNkWCq1WAbtFj7zP7b1+\/4AYAVeASwAAAQEICv\/\/N6+7R9gEFgMBAgABAAH8AwMkp2qM\/0db0DeLmsnG5Et9Elmp4AHL6ZUbDww1dSGLViDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAbABkAABZhbmRyb2lkLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBdVAAAAAzACYAJAAdACB+eKFCipAuqOQg5XnASQ8WeZbYj9YMN6X04Jt8S8pzfAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01305{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872014369,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","tls": {"version":"TLSv1.2","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454871972438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872014369,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","tls": {"version":"TLSv1.2","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1582454872015952,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5Fo1AAEAGnlbAqAIQrNkUSs0iAbsOnCHi4lFSVIAYAVerwAAAAQEICv\/\/N68TCsRqFgMBAgABAAH8AwNz1LPSLb66vIVVbsJEbO8rYoUzZ7GYYLjTyvNVKkYlfSDBTSmXKzrioGGWwSCGVWAYIYzoWG\/0EeuQQ9g0J6ik9QAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAnACUAACJzZW1hbnRpY2xvY2F0aW9uLXBhLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAABAABQADAmgyAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIMPUFJ0SGA7J26IrfYJXpc5MBLMHrRFiHqhzJJp5bVBqAC0AAgEBACsACQgDBAMDAwIDAQAVAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872015952,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"semanticlocation-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1582454871741833,"flow_src_last_pkt_time":1582454872015952,"flow_dst_last_pkt_time":1582454871781183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872015952,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"semanticlocation-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","ja4":"t13d1712h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021787,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872021787,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1582454872021787,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872021787,"flow_src_last_pkt_time":1582454872021787,"flow_dst_last_pkt_time":1582454872021787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872021787,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"proxy.googlezip.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -367,7 +367,7 @@
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454872031849,"flow_src_last_pkt_time":1582454872031849,"flow_dst_last_pkt_time":1582454872031849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454872031849,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1582454872031849,"flow_dst_last_pkt_time":1582454872031849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1582454872031849,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872038562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1582454872038562,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0OQUAAHYGhiOs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPAEwQAAAQEICrtH2Eb\/\/zev"}
-01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872047699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","tls": {"version":"TLSv1.3","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01395{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1582454871947536,"flow_src_last_pkt_time":1582454872014369,"flow_dst_last_pkt_time":1582454872047699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"android.googleapis.com","tls": {"version":"TLSv1.3","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d171200_5b57614c22b0_931b75671d98","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1582454780612355,"flow_src_last_pkt_time":1582454799515347,"flow_dst_last_pkt_time":1582454780612355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01079{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1582454779631132,"flow_src_last_pkt_time":1582454799004089,"flow_dst_last_pkt_time":1582454779631132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871115584,"flow_src_last_pkt_time":1582454871115584,"flow_dst_last_pkt_time":1582454871117429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
@@ -434,7 +434,7 @@
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871061577,"flow_src_last_pkt_time":1582454871061577,"flow_dst_last_pkt_time":1582454871100485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}}
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600718,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":45,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":437,"global_ts_usec":1582454872047699}
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":45,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":437,"global_ts_usec":1582454872047699}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 500/475
~~ skipped flows.............: 0
@@ -443,10 +443,10 @@
~~ total active/idle flows...: 63/63
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 11863690 bytes
-~~ total memory freed........: 11863690 bytes
-~~ total allocations/frees...: 218067/218067
+~~ total memory allocated....: 5728418 bytes
+~~ total memory freed........: 5728418 bytes
+~~ total allocations/frees...: 87458/87458
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 546 chars
-~~ json message max len.......: 2635 chars
-~~ json message avg len.......: 1590 chars
+~~ json message max len.......: 2680 chars
+~~ json message avg len.......: 1613 chars
Powered by cgit, Themed by Ted Yin.