aboutsummaryrefslogtreecommitdiff
path: root/test/results/no_sni.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/no_sni.pcap.out')
-rw-r--r--test/results/no_sni.pcap.out54
1 files changed, 27 insertions, 27 deletions
diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out
index f7c541b03..357eb5eb6 100644
--- a/test/results/no_sni.pcap.out
+++ b/test/results/no_sni.pcap.out
@@ -7,14 +7,14 @@
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604822444486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822444486,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822444624,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"}
00441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1604822444624,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822444624,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"}
-00867{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00907{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"ts_msec":1604822444629,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00933{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"ts_msec":1604822444807,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f14ec85ee5580a29f6523e24e5d3d527","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444913,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822444913,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1604822444913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822444913,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822445034,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"}
00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1604822445034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822445034,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"}
-00846{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"ts_msec":1604822445039,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00912{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822445135,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"76ec527d45e3a2a9093484446d7d3264","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447227,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822447227,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1604822447227,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822447227,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822447249,"flow_last_seen":1604822447249,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1604822447249,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -27,33 +27,33 @@
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1604822447287,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"ts_msec":1604822447287,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447311,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"}
00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1604822447311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447311,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"}
-00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00934{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447321,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447325,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"}
00442{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1604822447325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447325,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"}
-00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00935{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"ts_msec":1604822447330,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1604822447368,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447368,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1604822447369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447369,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447370,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1604822447370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447370,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1604822447373,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1604822447373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"ts_msec":1604822447373,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00888{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00657{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00612{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447374,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447380,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"ts_msec":1604822447386,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00975{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447412,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00976{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"ts_msec":1604822447447,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447500,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447506,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"ts_msec":1604822447515,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"62a4a00de930bd0a5bee0309cc8362ed","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
-00661{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
+00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","total-events-serialized":57}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1185/1185
@@ -63,10 +63,10 @@
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4656514 bytes
-~~ total memory freed........: 4656514 bytes
-~~ total allocations/frees...: 100785/100785
+~~ total memory allocated....: 4739171 bytes
+~~ total memory freed........: 4739171 bytes
+~~ total allocations/frees...: 102375/102375
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 162 chars
-~~ json string max len.......: 955 chars
-~~ json string avg len.......: 628 chars
+~~ json string max len.......: 981 chars
+~~ json string avg len.......: 641 chars
Powered by cgit, Themed by Ted Yin.