1 files changed, 40 insertions, 40 deletions

diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out
index 9ed47ebf4..1fbebce13 100644
--- a/test/results/default/waze.pcap.out
+++ b/test/results/default/waze.pcap.out
@@ -1,5 +1,5 @@
-00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221}
+00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221}
 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587866603221,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587866603221,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1435587867103902,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587867103902,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
@@ -35,15 +35,15 @@
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1435587868996463,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587868998782,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1435587869002019,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002019,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"}
 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869002239,"pkt":"ABoRAAACABoRAAABCABFAADejYhAAEAGxp8KCAABLjOtto0EAbvOcuGGMY0ee1AY\/\/+QzQAAFgMBALEBAACtAwFksj7uK\/R43HfLeC3YagY+KKYMl8Gp\/0RLJxa1HLl7kwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587868635389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869002239,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869002486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869002486,"pkt":"ABoRAAACABoRAAABCABFAAAodHlAABAGEGUuM622CggAAQG7jQQxjR57znLiPFAQ\/\/86awAA"}
 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"thread_ts_usec":1435587869054724,"pkt":"ABoRAAACABoRAAABCABFAADWcVlAAEAGms0KCAABrcJ2MI7pAburox2AVFzigVAY\/\/9mQwAAFgMBAKkBAAClAwGlXtzD4CYR60HmpO3Epp6iuyOtJr59nHMXn8J60vKduCBvCKEM0sorljArU6qw4dCFWjF23JNAwYV6Z6lEcvF3aQAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869054724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587868998782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869054724,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869054928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869054928,"pkt":"ABoRAAACABoRAAABCABFAAAodHxAABAGyFitwnYwCggAAQG7julUXOKBq6MeLlAQ\/\/\/whAAA"}
 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587869106324,"pkt":"ABoRAAACABoRAAABCABFAADeH6tAAEAGNH0KCAABLjOtto0GAbtbbHOupJOMU1AY\/\/9DnQAAFgMBALEBAACtAwGHsWGgHOt8dG+f+uI0AkWsU3L2DLrIYI7d\/JEa4+8W9QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587868644726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869106324,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869106781,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869106781,"pkt":"ABoRAAACABoRAAABCABFAAAodH5AABAGEGAuM622CggAAQG7jQakk4xTW2x0ZFAQ\/\/86aQAA"}
-01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869107169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1435587869107169,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}}
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868996463,"flow_src_last_pkt_time":1435587869054724,"flow_dst_last_pkt_time":1435587869107169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1435587869107169,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","ja4":"t10d140200_37d7d24289bf_33a13ba74d1c","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}}
 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869162594,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869162594,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869162594,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587869162594,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1435587869162594,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869163745,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"}
@@ -51,9 +51,9 @@
 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_usec":1435587869165386,"pkt":"ABoRAAACABoRAAABCABFAAC0XmpAAEAGtz4KCAABNubjrLHgAFDjpDJRHFvNsFAY\/\/8QEAAAR0VUIC9sYW5nX2Fzci9sYW5nLnBvcnR1Z3Vlc2VfYnJfYXNyIEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFR1ZSwgMjggQXByIDIwMTUgMTQ6NTA6MjUgR01UDQo="}
 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587869162594,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869163745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587869165386,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","http": {"url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}}
 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1435587869165386,"flow_dst_last_pkt_time":1435587869165848,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587869165848,"pkt":"ABoRAAACABoRAAABCABFAAAodIVAABAG0a825uOsCggAAQBQseAcW82w46Qy3VAQ\/\/\/YegAA"}
-01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
-01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
-01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01387{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869106324,"flow_dst_last_pkt_time":1435587869425938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587869425938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
+01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587869002239,"flow_dst_last_pkt_time":1435587869476878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869476878,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01663{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587868635666,"flow_src_last_pkt_time":1435587869477117,"flow_dst_last_pkt_time":1435587869477401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587869477401,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1435587870163940,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587870163940,"pkt":"ABoRAAACABoRAAABCABFAABNMsRAAEAGQsMKECWdriXnUaUQFGaA18okWhY9doAYAVcm3gAAAQEICgAIbJ1BJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 01217{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587867781306,"flow_dst_last_pkt_time":1435587871459664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587871459664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"xtra1.gpsonextra.net","http": {"url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}}
 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587871656080,"flow_src_last_pkt_time":1435587871656080,"flow_dst_last_pkt_time":1435587871656080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587871656080,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -91,16 +91,16 @@
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945754,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945754,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1435587871945866,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587871945866,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872045758,"pkt":"ABoRAAACABoRAAABCABFAADecItAAEAGp\/oKCAABsCJnacdpAbv69x3CBQjiP1AY\/\/86cAAAFgMBALEBAACtAwGmC6YG6dpggqRoocPCS6GRSW3HALPFXrzPaO9ENu8EQgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587871929277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872045758,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872051153,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872051153,"pkt":"ABoRAAACABoRAAABCABFAAAodLFAABAG1IqwImdpCggAAQG7x2kFCOI\/+vceeFAQ\/\/\/EYwAA"}
 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872139946,"pkt":"ABoRAAACABoRAAABCABFAADeKgJAAEAG7oMKCAABsCJnacdqAbskTkdJ27G4uFAY\/\/\/bawAAFgMBALEBAACtAwGNvLHuc12\/pFbnkT4Pum8D8uFdGv9vMlW4Y0hHfiKGhwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587871932105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872139946,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587872140238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872140238,"pkt":"ABoRAAACABoRAAABCABFAAAodLNAABAG1IiwImdpCggAAQG7x2rbsbi4JE5H\/1AQ\/\/\/EYgAA"}
 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872205500,"pkt":"ABoRAAACABoRAAABCABFAADe\/W5AAEAGGxcKCAABsCJnacdrAbsTBZAl7Ppv3FAY\/\/9RtAAAFgMBALEBAACtAwGE\/segDJyCTDDrsx\/XYj7jlyYez\/MCm2qOXqnc1anvDwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587871938758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872205500,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872206080,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872206080,"pkt":"ABoRAAACABoRAAABCABFAAAodLRAABAG1IewImdpCggAAQG7x2vs+m\/cEwWQ21AQ\/\/\/EYQAA"}
 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587872289316,"pkt":"ABoRAAACABoRAAABCABFAADexDZAAEAGxO4KCAABNBFy25hiAbudWal9YqZWhFAY\/\/8vsgAAFgMBALEBAACtAwF2lB5vq2mfN7X6ktw+ENS1yvGFdgW5h3\/A\/IpZBJlZIAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587871941271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872289316,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872289966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872289966,"pkt":"ABoRAAACABoRAAABCABFAAAodLVAABAGRSY0EXLbCggAAQG7mGJiplaEnVmqM1AQ\/\/9kCgAA"}
 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1435587872340645,"pkt":"ABoRAAACABoRAAABCABFAADFRGlAAEAG0S4KCAABNubjrLHqAFALhykw9HjW0VAY\/\/\/+LwAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL3Byb21wdHNfY29uZi5idWY\/cnRzZXJ2ZXItaWQ9MTUgSFRUUC8xLjANCkhvc3Q6IGNyZXMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQpJZi1Nb2RpZmllZC1TaW5jZTogVHVlLCAyMyBKdW4gMjAxNSAyMTo0MToxMyBHTVQNCg=="}
 01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587871941434,"flow_src_last_pkt_time":1435587872340645,"flow_dst_last_pkt_time":1435587871943372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872340645,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","http": {"url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}}
@@ -112,9 +112,9 @@
 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1435587872479232,"pkt":"ABoRAAACABoRAAABCABFAADAWSRAAEAGvHgKCAABNubjrLHwAFDxQTSnDr7LWlAY\/\/9RbQAAR0VUIC9sYW5ncy8xLjAvbGFuZy5wb3J0dWd1ZXNlX2JyP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTcgSnVuIDIwMTUgMTQ6MDk6MzggR01UDQo="}
 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587872476294,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872477714,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872479232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cres.waze.com","http": {"url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872479232,"flow_dst_last_pkt_time":1435587872479402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872479402,"pkt":"ABoRAAACABoRAAABCABFAAAodL9AABAG0XU25uOsCggAAQBQsfAOvsta8UE1P1AQ\/\/\/YXgAA"}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01523{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872205500,"flow_dst_last_pkt_time":1435587872515481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872515481,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587872045758,"flow_dst_last_pkt_time":1435587872568660,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587872568660,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871939085,"flow_src_last_pkt_time":1435587872289316,"flow_dst_last_pkt_time":1435587872569585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587872569585,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587872702798,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587872702798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872702798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587872702798,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1435587872702798,"flow_dst_last_pkt_time":1435587872704043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872704043,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"}
@@ -124,46 +124,46 @@
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1435587872706282,"flow_dst_last_pkt_time":1435587872706630,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587872706630,"pkt":"ABoRAAACABoRAAABCABFAAAodM1AABAG0Wc25uOsCggAAQBQsfL9DvHBAvEO1lAQ\/\/\/YXgAA"}
 02345{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587867755556,"flow_src_last_pkt_time":1435587873023451,"flow_dst_last_pkt_time":1435587873023894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":11779,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":60924,"midstream":0,"thread_ts_usec":1435587873023894,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2041,"avg":339878.5,"max":3680611,"stddev":884676.9,"var":782653259776.0,"ent":2.8,"data": [3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477]},"pktlen": {"min":40,"avg":1952.7,"max":11819,"stddev":3090.5,"var":9551440.0,"ent":3.5,"data": [60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}}
 02430{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1435587868634159,"flow_src_last_pkt_time":1435587873119875,"flow_dst_last_pkt_time":1435587873120117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5461,"flow_src_tot_l4_payload_len":3221,"flow_dst_tot_l4_payload_len":13199,"midstream":0,"thread_ts_usec":1435587873120117,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":169,"avg":289408.8,"max":1658841,"stddev":505049.6,"var":255075106816.0,"ent":3.3,"data": [1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061]},"pktlen": {"min":40,"avg":553.8,"max":5501,"stddev":1270.8,"var":1615041.0,"ent":3.0,"data": [60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40]},"bins": {"c_to_s": [5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1],"entropies": [4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01512{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
-01512{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
-01512{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587872139946,"flow_dst_last_pkt_time":1435587873486827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587873486827,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871935294,"flow_src_last_pkt_time":1435587872566264,"flow_dst_last_pkt_time":1435587873688799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873688799,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
+01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587871929480,"flow_src_last_pkt_time":1435587873537747,"flow_dst_last_pkt_time":1435587873741385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2111,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587873741385,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
+01557{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1435587871918621,"flow_src_last_pkt_time":1435587873745477,"flow_dst_last_pkt_time":1435587874033211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3479,"midstream":0,"thread_ts_usec":1435587874033211,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}}
 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1435587874253893,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587874253893,"pkt":"ABoRAAACABoRAAABCABFAABNMsVAAEAGQsIKECWdriXnUaUQFGaA18okWhY9doAYAVclRQAAAQEICgAIbjZBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878215938,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878215938,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878215938,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878215938,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217263,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878217523,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878217523,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"}
 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878444441,"pkt":"ABoRAAACABoRAAABCABFAADeEZlAAEAGd4wKCAABNBFy25htAbtopH5Wl1uBq1AY\/\/\/QKAAAFgMBALEBAACtAwGuYbGMU0Nfp5xq\/npkGkka24sX9VU\/rk18edcLN8FjCgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878217263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878444441,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878444758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878444758,"pkt":"ABoRAAACABoRAAABCABFAAAodRtAABAGRMA0EXLbCggAAQG7mG2XW4GraKR\/DFAQ\/\/9j\/wAA"}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878606407,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878606407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587878606407,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1435587878606407,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878608820,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1435587878609194,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878609194,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"}
-01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01523{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878444441,"flow_dst_last_pkt_time":1435587878781291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1435587878781291,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01568{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878215938,"flow_src_last_pkt_time":1435587878831646,"flow_dst_last_pkt_time":1435587878832590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2123,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587878832590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587878901005,"pkt":"ABoRAAACABoRAAABCABFAADeDkNAAEAGtvcKCAABsCK6tI3YAbvsnGGpE2OeWFAY\/\/8ZoQAAFgMBALEBAACtAwFWCBNoAIHi9OlNrmTTyx\/umOS8ZNI54fs0MYN5hNdT+wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878608820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587878901005,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587878901314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587878901314,"pkt":"ABoRAAACABoRAAABCABFAAAodSJAABAGgM6wIrq0CggAAQG7jdgTY55Y7JxiX1AQ\/\/+qqQAA"}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879018798,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879018798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879018798,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879018798,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020661,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879020846,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879020846,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587878901005,"flow_dst_last_pkt_time":1435587879181153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879181153,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587878606407,"flow_src_last_pkt_time":1435587879233437,"flow_dst_last_pkt_time":1435587879233895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879233895,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879574527,"pkt":"ABoRAAACABoRAAABCABFAADeCj5AAEAGuvwKCAABsCK6tI3aAbtwD3ovj\/CF0lAY\/\/\/+sgAAFgMBALEBAACtAwGSsw\/fktSmaBgooXXKSQQjKTgV1PXtiav8sr65RpY55wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879020661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879574527,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879574890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879574890,"pkt":"ABoRAAACABoRAAABCABFAAAodSlAABAGgMewIrq0CggAAQG7jdqP8IXScA965VAQ\/\/+qpwAA"}
 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879850574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879850574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587879850574,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1435587879850574,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879852814,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1435587879853039,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879853039,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"}
-01248{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
-01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879574527,"flow_dst_last_pkt_time":1435587879855334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587879855334,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}}
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587879018798,"flow_src_last_pkt_time":1435587879907076,"flow_dst_last_pkt_time":1435587879907785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2479,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587879907785,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587879958583,"pkt":"ABoRAAACABoRAAABCABFAADeFxFAAEAGrikKCAABsCK6tI3cAbueIGdsYd+YlVAY\/\/+8qQAAFgMBALEBAACtAwFRXWw4ffzcoR+ELSkdRag9IC5DFcRvWYz6Kh3Hk0YO0AAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879852814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587879958583,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587879958805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587879958805,"pkt":"ABoRAAACABoRAAABCABFAAAodTFAABAGgL+wIrq0CggAAQG7jdxh35iVniBoIlAQ\/\/+qpQAA"}
-01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587879850574,"flow_src_last_pkt_time":1435587879958583,"flow_dst_last_pkt_time":1435587880568184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3491,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3491,"midstream":0,"thread_ts_usec":1435587880568184,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587880576575,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587880576575,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880576575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1435587880576575,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1435587880576575,"flow_dst_last_pkt_time":1435587880577294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587880577294,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"}
@@ -217,9 +217,9 @@
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1435587894241434,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244164,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1435587894244582,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894244582,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"}
 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587894323314,"pkt":"ABoRAAACABoRAAABCABFAADe7\/BAAEAGZDcKCAABLjOtto0mAbvDfJnrPINmFlAY\/\/+u+wAAFgMBALEBAACtAwFHEcC8WvO2sF2kYiE8YWqxi\/TdpMl6\/BrnTeWud37DVAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894244164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587894323314,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894323591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587894323591,"pkt":"ABoRAAACABoRAAABCABFAAAodXJAABAGD2wuM622CggAAQG7jSY8g2YWw3yaoVAQ\/\/86SQAA"}
-01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587894241434,"flow_src_last_pkt_time":1435587894323314,"flow_dst_last_pkt_time":1435587894759207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":3147,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587894759207,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587898822469,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587898822469,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898822469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1435587898822469,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1435587898822469,"flow_dst_last_pkt_time":1435587898824110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587898824110,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"}
@@ -232,10 +232,10 @@
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1435587905035020,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905038374,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1435587905039092,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905039092,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"}
 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1435587905111264,"pkt":"ABoRAAACABoRAAABCABFAADe2iVAAEAGegIKCAABLjOtto0pAbvwXaAgD6Jf4VAY\/\/\/tNgAAFgMBALEBAACtAwGvtEh7ZPeUuZEpuZqGf1gkt94wLOoQqmQjq2yZ1wt58QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905038374,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435587905111264,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}}
 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905111789,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1435587905111789,"pkt":"ABoRAAACABoRAAABCABFAAAodYdAABAGD1cuM622CggAAQG7jSkPol\/h8F2g1lAQ\/\/86RgAA"}
-01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
-01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
+01389{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905111264,"flow_dst_last_pkt_time":1435587905510433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":1012,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1435587905510433,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}}
+01665{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1435587905035020,"flow_src_last_pkt_time":1435587905561592,"flow_dst_last_pkt_time":1435587905565256,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":2135,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":3147,"midstream":0,"thread_ts_usec":1435587905565256,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.Waze","proto_id":"91.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","ja4":"t10d320300_771403ec58f7_a875e5012fde","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}}
 00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}}
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880580707,"flow_src_last_pkt_time":1435587880589785,"flow_dst_last_pkt_time":1435587880581398,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1435587868632030,"flow_src_last_pkt_time":1435587869162291,"flow_dst_last_pkt_time":1435587869162022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":1624,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Waze","proto_id":"7.135","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
@@ -279,7 +279,7 @@
 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
 00864{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":282,"global_ts_usec":1435587907392933}
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":22,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":282,"global_ts_usec":1435587907392933}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 597/597
 ~~ skipped flows.............: 0
@@ -288,9 +288,9 @@
 ~~ total active/idle flows...: 33/33
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 11853339 bytes
-~~ total memory freed........: 11853339 bytes
-~~ total allocations/frees...: 217719/217719
+~~ total memory allocated....: 5717107 bytes
+~~ total memory freed........: 5717107 bytes
+~~ total allocations/frees...: 87110/87110
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json message min len.......: 528 chars
 ~~ json message max len.......: 2461 chars