Diffstat (limited to 'test/results/default/tor-browser.pcap.out')
-rw-r--r-- | test/results/default/tor-browser.pcap.out | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/test/results/default/tor-browser.pcap.out b/test/results/default/tor-browser.pcap.out
new file mode 100644
index 000000000..d717820cb
--- /dev/null
+++ b/test/results/default/tor-browser.pcap.out
@@ -0,0 +1,91 @@ +00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1740414101931034} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101931034,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1740414101931034,"pkt":"vCQRCcFhvCQRHuR3CABFAABIeAIAAIARAADAqAB7wKgAENkOADUANIIhZ9QBAAABAAAAAAAADGNoZWNrYXBwZXhlYwltaWNyb3NvZnQDY29tAAABAAE="} 
+01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101931034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101931034,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}} +00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101932924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1740414101932924,"pkt":"vCQRHuR3vCQRCcFhCABFAADDvtxAAEAR+XHAqAAQwKgAewA12Q4ArxvEZ9SBgAABAAMAAAAADGNoZWNrYXBwZXhlYwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAALRACgTcHJvZC1hdG0td2RzLWFwcHJlcA50cmFmZmljbWFuYWdlcgNuZXQAwDgABQABAAAAZAArDnByb2QtYWdpYy13ZS03Cndlc3RldXJvcGUIY2xvdWRhcHAFYXp1cmXAI8BsAAEAAQAAADcABKzTn5g="} 
+01141{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101932924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1740414101932924,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.211.159.152,ttl=55"]}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414101935457,"flow_dst_last_pkt_time":1740414101935457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101935457,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1740414101935457,"flow_dst_last_pkt_time":1740414101935457,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414101935457,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0jlxAAIAGAADAqAB7rNOfmPxlAbvxPWCLAAAAAIAC\/\/8NtgAAAgQFtAEDAwgBAQQC"} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1740414101935457,"flow_dst_last_pkt_time":1740414101965649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414101965649,"pkt":"vCQRHuR3vCQRCcFhCABFAAA0AABAADAGPTWs05+YwKgAewG7\/GXfOVAS8T1gjIAS+vDnqgAAAgQFUAEBBAIBAwMK"} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1740414101965751,"flow_dst_last_pkt_time":1740414101965649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414101965751,"pkt":"vCQRCcFhvCQRHuR3CABFAAAojl1AAIAGAADAqAB7rNOfmPxlAbvxPWCM3zlQE1AQBAANqgAA"} 
+00817{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1740414101967367,"flow_dst_last_pkt_time":1740414101965649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1740414101967367,"pkt":"vCQRCcFhvCQRHuR3CABFAAD7jl5AAIAGAADAqAB7rNOfmPxlAbvxPWCM3zlQE1AYBAAOfQAAFgMDAM4BAADKAwNnvJyVgW7UOjzWggSEYY3b37LXbKa2tKKS\/ivh+oGvYwAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAewAAAB8AHQAAGmNoZWNrYXBwZXhlYy5taWNyb3NvZnQuY29tAAUABQEAAAAAAAoACAAGAB0AFwAYAAsAAgEAAA0AGgAYCAQIBQgGBAEFAQIBBAMFAwIDAgIGAQYDACMAAAAQAA4ADAJoMghodHRwLzEuMQAXAAD\/AQABAA=="} +01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414101967367,"flow_dst_last_pkt_time":1740414101965649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414101967367,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","tls": 
{"version":"TLSv1.2","ja3s":"","ja4":"t12d1909h2_d83cc789557e_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1740414101967367,"flow_dst_last_pkt_time":1740414101997583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1740414101997583,"pkt":"vCQRHuR3vCQRCcFhCABFAAAo52pAADAGVdas05+YwKgAewG7\/GXfOVAT8T1hX1AQAD8h+wAAAAAAAAAA"} +01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414101967367,"flow_dst_last_pkt_time":1740414101997727,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1740414101997727,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","tls": 
{"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t12d1909h2_d83cc789557e_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}} +02780{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":9,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414101997792,"flow_dst_last_pkt_time":1740414101998565,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":6199,"midstream":0,"thread_ts_usec":1740414101998565,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"checkappexec.microsoft.com","domainame":"checkappexec.microsoft.com","tls": 
{"version":"TLSv1.2","server_names":"smartscreen.microsoft.com,*.wds.microsoft.com,*.urs.microsoft.com,*.smartscreen.microsoft.com,apprep.smartscreen.microsoft.com,beta.apprep.smartscreen.microsoft.com,beta.w.apprep.smartscreen.microsoft.com,w.apprep.smartscreen.microsoft.com,urs.microsoft.com,beta.urs.microsoft.com,c.urs.microsoft.com,i.apprep.smartscreen.microsoft.com,i.w.apprep.smartscreen.microsoft.com,t.urs.microsoft.com,beta.t.urs.microsoft.com,telemetry.urs.microsoft.com,d.urs.microsoft.com,x.urs.microsoft.com,p.urs.microsoft.com,api.smartscreen.microsoft.com,urs.smartscreen.microsoft.com,ars.smartscreen.microsoft.com,cp.smartscreen.microsoft.com,checkappexec.microsoft.com,data.checkappexec.microsoft.com,ping.checkappexec.microsoft.com,t.checkappexec.microsoft.com,pf.checkappexec.microsoft.com,sl.smartscreen.microsoft.com,ping.smartscreen.microsoft.com,nf.smartscreen.microsoft.com,data.nf.smartscreen.microsoft.com,ping.nf.smartscreen.microsoft.com,t.nf.smartscreen.microsoft.com,nav.smartscreen.microsoft.com,data.nav.smartscreen.microsoft.com,ping.nav.smartscreen.microsoft.com,t.nav.smartscreen.microsoft.com,bf.smartscreen.microsoft.com,t.bf.smartscreen.microsoft.com,smartscreen-prod.microsoft.com,*.smartscreen-prod.microsoft.com","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t12d1909h2_d83cc789557e_7af1ed941c26","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04","subjectDN":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=smartscreen.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"83:0D:87:5A:F6:F1:FA:DC:94:4D:7E:AD:7C:8B:71:47:6A:BB:DC:2B","blocks":0}}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107379492,"flow_src_last_pkt_time":1740414107379492,"flow_dst_last_pkt_time":1740414107379492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107379492,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64621,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1740414107379492,"flow_dst_last_pkt_time":1740414107379492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414107379492,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0zCFAAIAGAADAqAB7VgMS+\/xtAbuXG61HAAAAAIAC+vAqSAAAAgQFtAEDAwgBAQQC"} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107386697,"flow_src_last_pkt_time":1740414107386697,"flow_dst_last_pkt_time":1740414107386697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107386697,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1740414107386697,"flow_dst_last_pkt_time":1740414107386697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414107386697,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0FOZAAIAGAADAqAB7shGq\/vxuAbuW2hViAAAAAIAC+vAeWgAAAgQFtAEDAwgBAQQC"} +00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1740414107386697,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1740414107447185,"pkt":"vCQRHuR3vCQRCcFhCABFAAAwAABAADgGJJWyEar+wKgAewG7\/G7RDYialtoVY3AS+vBnOAAAAgQFUAEDAwc="} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1740414107447272,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414107447272,"pkt":"vCQRCcFhvCQRHuR3CABFAAAoFOdAAIAGAADAqAB7shGq\/vxuAbuW2hVj0Q2Im1AQBAEeTgAA"} +01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1740414107461520,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414107461520,"pkt":"vCQRCcFhvCQRHuR3CABFAAItFOhAAIAGAADAqAB7shGq\/vxuAbuW2hVj0Q2Im1AYBAEgUwAAFgMBAgABAAH8AwOA0nnWpDGh\/criGUrmr2gLfFLj7mXbibOKNxeHzXi13SA8pyMiENc50ciD62yLGzYf3yLrcDerILxo80m49jiK\/QAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAACUAIwAAIHd3dy52MnRyZWZkZzYyeHNjazN1cHcyaWFkNXkuY29tAAsABAMAAQIACgAGAAQAFwAVACMAAAAWAAAAFwAAAA0AKgAoBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAwEDAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwBHAEUAFwBBBLDqD26qFJsfbCeDQnG9Qf9CJ5NI8nlfGgSc9IQQF8WuC4wNLusJoDsD7xr2FfIpw\/0f\/xrBGwSJ4HSUC2+U+AIAFQC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01590{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414107386697,"flow_src_last_pkt_time":1740414107461520,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107461520,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64622,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.v2trefdg62xsck3upw2iad5y.com","domainame":"www.v2trefdg62xsck3upw2iad5y.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107462120,"flow_src_last_pkt_time":1740414107462120,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107462120,"l3_proto":"ip4","src_ip":"192.168.0.16","dst_ip":"192.168.0.123","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} +01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1740414107462120,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1740414107462120,"pkt":"vCQRHuR3vCQRCcFhCABFwAJAmQYAAEABXRvAqAAQwKgAewMDHVAAAAAARQACLRToQAB\/BsavwKgAe7IRqv78bgG7ltoVY9ENiJtQGAQBlwYAABYDAQIAAQAB\/AMDgNJ51qQxof3K4hlK5q9oC3xS4+5l24mzijcXh814td0gPKcjIhDXOdHIg+tsixs2H98i63A3qyC8aPNJuPY4iv0AJBMCEwMTAcArwC\/MqcyowCzAMMAKwAnAE8AUADMAOQAvADUA\/wEAAY8AAAAlACMAACB3d3cudjJ0cmVmZGc2MnhzY2szdXB3MmlhZDV5LmNvbQALAAQDAAECAAoABgAEABcAFQAjAAAAFgAAABcAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMARwBFABcAQQSw6g9uqhSbH2wng0JxvUH\/QieTSPJ5XxoEnPSEEBfFrguMDS7rCaA7A+8a9hXyKcP9H\/8awRsEieB0lAtvlPgCABUAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA="} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107462120,"flow_src_last_pkt_time":1740414107462120,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107462120,"l3_proto":"ip4","src_ip":"192.168.0.16","dst_ip":"192.168.0.123","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":4.947535}} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1740414107379492,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414107467652,"pkt":"vCQRHuR3vCQRCcFhCABFAAA0AABAADMGHaNWAxL7wKgAewG7\/G1NRNuslxutSIAS+vDe1AAAAgQFUAEBBAIBAwMH"} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1740414107467723,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414107467723,"pkt":"vCQRCcFhvCQRHuR3CABFAAAozCJAAIAGAADAqAB7VgMS+\/xtAbuXG61ITUTbrVAQBAEqPAAA"} +01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1740414107468234,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414107468234,"pkt":"vCQRCcFhvCQRHuR3CABFAAItzCNAAIAGAADAqAB7VgMS+\/xtAbuXG61ITUTbrVAYBAEsQQAAFgMBAgABAAH8AwNjkpHnw\/vUbsLDfpmUAElQXOtI8Ele1s3YJWiNkO4BuiB5YOhm6NGj+0Z8nlYsmAipLrZv3vZcCO5IPFaQfToOAgAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAABsAGQAAFnd3dy53MmYzNGJ5azZzcm9pYy5jb20ACwAEAwABAgAKAAYABAAXABUAIwAAABYAAAAXAAAADQAqACgEAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMDAQMCBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzAEcARQAXAEEERExSMWIs0CpapG5hFwT\/2HIB8buHRfSxvjvjphb3MX5kXEiSF4jrnJ1G3+QOotphw+P7g6tQU4Ay+WjDHNj+8gAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01567{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414107379492,"flow_src_last_pkt_time":1740414107468234,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414107468234,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64621,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.w2f34byk6sroic.com","domainame":"www.w2f34byk6sroic.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1740414107468674,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1740414107468674,"pkt":"vCQRHuR3vCQRCcFhCABFwAJAmQcAAEABXRrAqAAQwKgAewMDKT4AAAAARQACLcwjQAB\/BgOGwKgAe1YDEvv8bQG7lxutSE1E261QGAQBHyAAABYDAQIAAQAB\/AMDY5KR58P71G7Cw36ZlABJUFzrSPBJXtbN2CVojZDuAbogeWDoZujRo\/tGfJ5WLJgIqS62b972XAjuSDxWkH06DgIAJBMCEwMTAcArwC\/MqcyowCzAMMAKwAnAE8AUADMAOQAvADUA\/wEAAY8AAAAbABkAABZ3d3cudzJmMzRieWs2c3JvaWMuY29tAAsABAMAAQIACgAGAAQAFwAVACMAAAAWAAAAFwAAAA0AKgAoBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAwEDAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwBHAEUAFwBBBERMUjFiLNAqWqRuYRcE\/9hyAfG7h0X0sb4746YW9zF+ZFxIkheI65ydRt\/kDqLaYcPj+4OrUFOAMvlowxzY\/vIAFQDCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
+00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107584267,"flow_src_last_pkt_time":1740414107584267,"flow_dst_last_pkt_time":1740414107584267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740414107584267,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"155.133.248.43","src_port":64282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1740414107584267,"flow_dst_last_pkt_time":1740414107584267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1740414107584267,"pkt":"vCQRCcFhvCQRHuR3CABFAABe7bJAAIAGAADAqAB7m4X4K\/saAbsT5ysFZdbfUlAYBABVJQAAFwMDADG2YTSKXT8F6s3zTj9irixpXjkUO5JVky0Mj3K6ux1dIi6H6\/0jtoYjPqzqHvFlegGB"} 
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414107584267,"flow_src_last_pkt_time":1740414107584267,"flow_dst_last_pkt_time":1740414107584267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740414107584267,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"155.133.248.43","src_port":64282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1740414107584267,"flow_dst_last_pkt_time":1740414107612678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1740414107612678,"pkt":"vCQRHuR3vCQRCcFhCABFAAAodr1AADYGeT6bhfgrwKgAewG7+xpl1t9SE+crO1AQEhjHxgAAAAAAAAAA"} 
+01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1740414107753303,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414107753303,"pkt":"vCQRCcFhvCQRHuR3CABFAAItFOlAAIAGAADAqAB7shGq\/vxuAbuW2hVj0Q2Im1AYBAEgUwAAFgMBAgABAAH8AwOA0nnWpDGh\/criGUrmr2gLfFLj7mXbibOKNxeHzXi13SA8pyMiENc50ciD62yLGzYf3yLrcDerILxo80m49jiK\/QAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAACUAIwAAIHd3dy52MnRyZWZkZzYyeHNjazN1cHcyaWFkNXkuY29tAAsABAMAAQIACgAGAAQAFwAVACMAAAAWAAAAFwAAAA0AKgAoBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAwEDAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwBHAEUAFwBBBLDqD26qFJsfbCeDQnG9Qf9CJ5NI8nlfGgSc9IQQF8WuC4wNLusJoDsD7xr2FfIpw\/0f\/xrBGwSJ4HSUC2+U+AIAFQC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1740414107753597,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1740414107753597,"pkt":"vCQRHuR3vCQRCcFhCABFwAJAmRUAAEABXQzAqAAQwKgAewMDHVAAAAAARQACLRTpQAB\/BsauwKgAe7IRqv78bgG7ltoVY9ENiJtQGAQBlwYAABYDAQIAAQAB\/AMDgNJ51qQxof3K4hlK5q9oC3xS4+5l24mzijcXh814td0gPKcjIhDXOdHIg+tsixs2H98i63A3qyC8aPNJuPY4iv0AJBMCEwMTAcArwC\/MqcyowCzAMMAKwAnAE8AUADMAOQAvADUA\/wEAAY8AAAAlACMAACB3d3cudjJ0cmVmZGc2MnhzY2szdXB3MmlhZDV5LmNvbQALAAQDAAECAAoABgAEABcAFQAjAAAAFgAAABcAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMARwBFABcAQQSw6g9uqhSbH2wng0JxvUH\/QieTSPJ5XxoEnPSEEBfFrguMDS7rCaA7A+8a9hXyKcP9H\/8awRsEieB0lAtvlPgCABUAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
+01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1740414107768922,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414107768922,"pkt":"vCQRCcFhvCQRHuR3CABFAAItzCRAAIAGAADAqAB7VgMS+\/xtAbuXG61ITUTbrVAYBAEsQQAAFgMBAgABAAH8AwNjkpHnw\/vUbsLDfpmUAElQXOtI8Ele1s3YJWiNkO4BuiB5YOhm6NGj+0Z8nlYsmAipLrZv3vZcCO5IPFaQfToOAgAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAABsAGQAAFnd3dy53MmYzNGJ5azZzcm9pYy5jb20ACwAEAwABAgAKAAYABAAXABUAIwAAABYAAAAXAAAADQAqACgEAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMDAQMCBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzAEcARQAXAEEERExSMWIs0CpapG5hFwT\/2HIB8buHRfSxvjvjphb3MX5kXEiSF4jrnJ1G3+QOotphw+P7g6tQU4Ay+WjDHNj+8gAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1740414107769250,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1740414107769250,"pkt":"vCQRHuR3vCQRCcFhCABFwAJAmRYAAEABXQvAqAAQwKgAewMDKT4AAAAARQACLcwkQAB\/BgOFwKgAe1YDEvv8bQG7lxutSE1E261QGAQBHyAAABYDAQIAAQAB\/AMDY5KR58P71G7Cw36ZlABJUFzrSPBJXtbN2CVojZDuAbogeWDoZujRo\/tGfJ5WLJgIqS62b972XAjuSDxWkH06DgIAJBMCEwMTAcArwC\/MqcyowCzAMMAKwAnAE8AUADMAOQAvADUA\/wEAAY8AAAAbABkAABZ3d3cudzJmMzRieWs2c3JvaWMuY29tAAsABAMAAQIACgAGAAQAFwAVACMAAAAWAAAAFwAAAA0AKgAoBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAwEDAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwBHAEUAFwBBBERMUjFiLNAqWqRuYRcE\/9hyAfG7h0X0sb4746YW9zF+ZFxIkheI65ydRt\/kDqLaYcPj+4OrUFOAMvlowxzY\/vIAFQDCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
+01253{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1740414108054440,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1740414108054440,"pkt":"vCQRHuR3vCQRCcFhCABFwAJAmSoAAEABXPfAqAAQwKgAewMDHVAAAAAARQACLRTqQAB\/BsatwKgAe7IRqv78bgG7ltoVY9ENiJtQGAQBlwYAABYDAQIAAQAB\/AMDgNJ51qQxof3K4hlK5q9oC3xS4+5l24mzijcXh814td0gPKcjIhDXOdHIg+tsixs2H98i63A3qyC8aPNJuPY4iv0AJBMCEwMTAcArwC\/MqcyowCzAMMAKwAnAE8AUADMAOQAvADUA\/wEAAY8AAAAlACMAACB3d3cudjJ0cmVmZGc2MnhzY2szdXB3MmlhZDV5LmNvbQALAAQDAAECAAoABgAEABcAFQAjAAAAFgAAABcAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMARwBFABcAQQSw6g9uqhSbH2wng0JxvUH\/QieTSPJ5XxoEnPSEEBfFrguMDS7rCaA7A+8a9hXyKcP9H\/8awRsEieB0lAtvlPgCABUAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414126719988,"flow_src_last_pkt_time":1740414126719988,"flow_dst_last_pkt_time":1740414126719988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414126719988,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1740414126719988,"flow_dst_last_pkt_time":1740414126719988,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414126719988,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0zCtAAIAGAADAqAB7VgMS+\/xvAbsShI3vAAAAAIAC+vAqSAAAAgQFtAEDAwgBAQQC"} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1740414126719988,"flow_dst_last_pkt_time":1740414126832113,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414126832113,"pkt":"vCQRHuR3vCQRCcFhCABFAAA0AABAADMGHaNWAxL7wKgAewG7\/G915cDaEoSN8IAS+vB08wAAAgQFUAEBBAIBAwMH"} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1740414126838558,"flow_dst_last_pkt_time":1740414126832113,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414126838558,"pkt":"vCQRCcFhvCQRHuR3CABFAAAozCxAAIAGAADAqAB7VgMS+\/xvAbsShI3wdeXA21AQBAEqPAAA"} +01228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1740414126838859,"flow_dst_last_pkt_time":1740414126832113,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414126838859,"pkt":"vCQRCcFhvCQRHuR3CABFAAItzC1AAIAGAADAqAB7VgMS+\/xvAbsShI3wdeXA21AYBAEsQQAAFgMBAgABAAH8AwMyvzd+z8YY1K7VazU1RuIaxseI13rQDWUuOD3F8x3lqyBwYuYeC63GdJkat8rwoS8BqGSp2WxsNxbtcQcVziTV5gAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAABQAEgAAD3d3dy5zb2Rpbm42LmNvbQALAAQDAAECAAoABgAEABcAFQAjAAAAFgAAABcAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMARwBFABcAQQTOYpC\/1JYuaCiSrtk8hWrfs4xxyrbJLflm9tzEkqvIVzkPYiS\/A83auACtLuD+1gVm6sUg4TGucH5SJUbCIUQ4ABUAyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414126719988,"flow_src_last_pkt_time":1740414126838859,"flow_dst_last_pkt_time":1740414126832113,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414126838859,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.sodinn6.com","domainame":"www.sodinn6.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1740414126838859,"flow_dst_last_pkt_time":1740414126968035,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1740414126968035,"pkt":"vCQRHuR3vCQRCcFhCABFAAAopKNAADMGeQtWAxL7wKgAewG7\/G915cDbEoSP9VAQAfWsWAAAAAAAAAAA"} 
+01490{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1740414126719988,"flow_src_last_pkt_time":1740414126838859,"flow_dst_last_pkt_time":1740414126968159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1173,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1173,"midstream":0,"thread_ts_usec":1740414126968159,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.sodinn6.com","domainame":"www.sodinn6.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+02459{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1740414126719988,"flow_src_last_pkt_time":1740414128040668,"flow_dst_last_pkt_time":1740414128039998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2078,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":8002,"flow_dst_tot_l4_payload_len":8709,"midstream":0,"thread_ts_usec":1740414128040668,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":85183.5,"max":184313,"stddev":46612.8,"var":2172756224.0,"ent":4.6,"data": [112125,118570,301,135922,124,141251,123927,112042,103917,133,104014,75898,83162,84012,94,0,91901,3300,103867,76057,184313,131950,110654,92069,92237,99973,100620,96030,94506,83912,83809]},"pktlen": {"min":40,"avg":563.5,"max":2118,"stddev":530.8,"var":281728.4,"ent":4.4,"data": [52,52,40,557,46,1213,120,119,73,119,1400,40,742,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,576,576,576,576]},"bins": {"c_to_s": [4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2],"s_to_c": [4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.421030998,4.748329639,4.571928501,4.569898129,4.414441109,7.784691811,6.166305542,6.431270123,5.470245361,6.408119678,7.850340843,4.621928692,7.698846340,7.899857998,4.457919598,7.844142437,7.122656345,4.571928501,7.879467010,4.501398087,7.672900200,7.592003345,7.810595512,7.793691635,7.613032818,7.591764927,7.627680779,7.602134705,7.641241550,7.625513554,7.636519909,7.610163212]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414129102228,"flow_src_last_pkt_time":1740414129102228,"flow_dst_last_pkt_time":1740414129102228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414129102228,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1740414129102228,"flow_dst_last_pkt_time":1740414129102228,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414129102228,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0FPJAAIAGAADAqAB7shGq\/vxwAbvxfJc7AAAAAIAC+vAeWgAAAgQFtAEDAwgBAQQC"} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1740414129102228,"flow_dst_last_pkt_time":1740414129162831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1740414129162831,"pkt":"vCQRHuR3vCQRCcFhCABFAAAwAABAADgGJJWyEar+wKgAewG7\/HDBbgb\/8XyXPHAS+vAb9QAAAgQFUAEDAwc="} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1740414129162881,"flow_dst_last_pkt_time":1740414129162831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414129162881,"pkt":"vCQRCcFhvCQRHuR3CABFAAAoFPNAAIAGAADAqAB7shGq\/vxwAbvxfJc8wW4HAFAQBAEeTgAA"} 
+01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1740414129163198,"flow_dst_last_pkt_time":1740414129162831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414129163198,"pkt":"vCQRCcFhvCQRHuR3CABFAAItFPRAAIAGAADAqAB7shGq\/vxwAbvxfJc8wW4HAFAYBAEgUwAAFgMBAgABAAH8AwOPEf\/RLt2g+Cf2\/F8RRf8+Ds9TFak\/Zb4uMxh\/LdLJ6iCiXGGDQMoILM0RCx5djBmMjmb9sErtG8Zue8BvR4FSLAAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\/AQABjwAAABEADwAADHd3dy4yeGlrLmNvbQALAAQDAAECAAoABgAEABcAFQAjAAAAFgAAABcAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAJCAMEAwMDAgMBAC0AAgEBADMARwBFABcAQQT8fX1Vud8QqnWXN3blIPTN90\/j7UZS4OAfOtkaWQLUPRf8GSn\/pd95zLi4KSAQn5BBVc5nZC4fohWdE6ykye\/oABUAzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01443{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414129102228,"flow_src_last_pkt_time":1740414129163198,"flow_dst_last_pkt_time":1740414129162831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414129163198,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.2xik.com","domainame":"www.2xik.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1740414129163198,"flow_dst_last_pkt_time":1740414129223742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1740414129223742,"pkt":"vCQRHuR3vCQRCcFhCABFAAAo3ZtAADgGRwGyEar+wKgAewG7\/HDBbgcA8XyZQVAQAfU+UwAAAAAAAAAA"} 
+01488{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1740414129102228,"flow_src_last_pkt_time":1740414129163198,"flow_dst_last_pkt_time":1740414129234680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1170,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1740414129234680,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.2xik.com","domainame":"www.2xik.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1740414129565167,"flow_src_last_pkt_time":1740414129565167,"flow_dst_last_pkt_time":1740414129565167,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414129565167,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"194.164.197.45","src_port":64625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1740414129565167,"flow_dst_last_pkt_time":1740414129565167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414129565167,"pkt":"vCQRCcFhvCQRHuR3CABFAAA0ny9AAIAGAADAqAB7wqTFLfxxAbuxHlnHAAAAAIAC+vBJHAAAAgQFtAEDAwgBAQQC"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1740414129565167,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1740414129594610,"pkt":"vCQRHuR3vCQRCcFhCABFAAA0AABAADAGAc\/CpMUtwKgAewG7\/HEJJynjsR5ZyIAS+vDvYAAAAgQFUAEBBAIBAwMH"} 
+00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1740414129594680,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1740414129594680,"pkt":"vCQRCcFhvCQRHuR3CABFAAAonzBAAIAGAADAqAB7wqTFLfxxAbuxHlnICScp5FAQBAFJEAAA"} +01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1740414129595086,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414129595086,"pkt":"vCQRCcFhvCQRHuR3CABFAAItnzFAAIAGAADAqAB7wqTFLfxxAbuxHlnICScp5FAYBAFLFQAAFgMBAgABAAH8AwMhr60HavnXxcOncI6yV\/pBqcw7Il52DQozKhe7+HIUASCXXGd+ccXFUzmmTy\/0080j2cAV\/sznpScP8lcivq6xcwAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\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"} 
+01589{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1740414129565167,"flow_src_last_pkt_time":1740414129595086,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414129595086,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"194.164.197.45","src_port":64625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.raww4onzy3tam7cip372snd.com","domainame":"www.raww4onzy3tam7cip372snd.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d181100_6c2ba73853a4_d41ae481755e","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}} 
+01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1740414129847110,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1740414129847110,"pkt":"vCQRCcFhvCQRHuR3CABFAAItnzJAAIAGAADAqAB7wqTFLfxxAbuxHlnICScp5FAYBAFLFQAAFgMBAgABAAH8AwMhr60HavnXxcOncI6yV\/pBqcw7Il52DQozKhe7+HIUASCXXGd+ccXFUzmmTy\/0080j2cAV\/sznpScP8lcivq6xcwAkEwITAxMBwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQD\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"} +02456{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1740414129102228,"flow_src_last_pkt_time":1740414129983139,"flow_dst_last_pkt_time":1740414129982846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2078,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":8516,"flow_dst_tot_l4_payload_len":9231,"midstream":0,"thread_ts_usec":1740414129983139,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":56823.5,"max":101597,"stddev":28817.8,"var":830465344.0,"ent":4.7,"data": [60603,60653,317,60911,10938,72339,62041,61246,60350,505,64560,63967,61405,86225,11023,0,96100,1393,62358,39738,101597,61235,61742,86702,85915,85352,85392,61350,61555,67320,66697]},"pktlen": {"min":40,"avg":595.8,"max":2118,"stddev":546.5,"var":298628.7,"ent":4.4,"data": 
[52,48,40,557,46,1210,120,119,73,119,1400,40,731,2118,46,1400,244,40,1604,46,576,576,1112,1090,576,576,576,576,1112,1090,576,576]},"bins": {"c_to_s": [4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2],"s_to_c": [4,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,0,2,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.512470722,4.918294907,4.558695316,4.535849571,4.374418259,7.795698166,6.264449120,6.397656441,5.596890926,6.364043713,7.869680882,4.521928310,7.686210632,7.917141914,4.414441586,7.870300770,7.011985302,4.671928406,7.891314507,4.501397610,7.634273529,7.626364708,7.819846630,7.806840420,7.641823769,7.644203186,7.634051323,7.669391155,7.824164391,7.819406033,7.591643810,7.650773048]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
+01326{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1740414107379492,"flow_src_last_pkt_time":1740414126706970,"flow_dst_last_pkt_time":1740414107467652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3619,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64621,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
+01262{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":26,"flow_first_seen":1740414126719988,"flow_src_last_pkt_time":1740414131166428,"flow_dst_last_pkt_time":1740414131116022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2078,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":10682,"flow_dst_tot_l4_payload_len":11389,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"86.3.18.251","src_port":64623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.sodinn6.com"}} 
+01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740414101931034,"flow_src_last_pkt_time":1740414101931034,"flow_dst_last_pkt_time":1740414101932924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":167,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"192.168.0.16","src_port":55566,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"checkappexec.microsoft.com"}} +00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1740414107584267,"flow_src_last_pkt_time":1740414107584267,"flow_dst_last_pkt_time":1740414107612678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"155.133.248.43","src_port":64282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01329{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":1,"flow_first_seen":1740414107386697,"flow_src_last_pkt_time":1740414129091696,"flow_dst_last_pkt_time":1740414107447185,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4653,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
+01260{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":19,"flow_first_seen":1740414129102228,"flow_src_last_pkt_time":1740414130055069,"flow_dst_last_pkt_time":1740414130156127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2078,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":9052,"flow_dst_tot_l4_payload_len":9767,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"178.17.170.254","src_port":64624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN","hostname":"www.2xik.com"}} 
+01329{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1740414129565167,"flow_src_last_pkt_time":1740414130749676,"flow_dst_last_pkt_time":1740414129594610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2068,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"194.164.197.45","src_port":64625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
+01057{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1740414107462120,"flow_src_last_pkt_time":1740414130749966,"flow_dst_last_pkt_time":1740414107462120,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.16","dst_ip":"192.168.0.123","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1740414101935457,"flow_src_last_pkt_time":1740414102081279,"flow_dst_last_pkt_time":1740414102081245,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1499,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":1740414131166428,"l3_proto":"ip4","src_ip":"192.168.0.123","dst_ip":"172.211.159.152","src_port":64613,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00850{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/tor-browser.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":169,"packets-processed":165,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":70255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":76,"global_ts_usec":1740414131166428} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 169/165 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 70255 bytes +~~ total detected protocols..: 9 +~~ total active/idle flows...: 9/9 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 8701732 bytes +~~ total memory freed........: 8701732 bytes +~~ total allocations/frees...: 145098/145098 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 533 chars +~~ json message max len.......: 2785 chars +~~ json message avg len.......: 1659 chars |