aboutsummaryrefslogtreecommitdiff
path: root/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out')
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out53
1 files changed, 53 insertions, 0 deletions
diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
new file mode 100644
index 000000000..f8c4c3d45
--- /dev/null
+++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
@@ -0,0 +1,53 @@
+00598{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00822{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335}
+00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="}
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711295448,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711295448,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQSq0AAQAYqF38AAAF\/AAABrfQEOJ96Es+y\/cmjgBACAP4oAAABAQgK0KGKqNChiqg="}
+00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711295526,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":72,"pkt_l4_len":36,"thread_ts_usec":1725278711295526,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADgSrEAAQAYqEn8AAAF\/AAABrfQEOJ96Es+y\/cmjgBgCAP4sAAABAQgK0KGKqNChiqgFAgAB"}
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711295526,"flow_dst_last_pkt_time":1725278711295533,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711295533,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADR+iUAAQAa+OH8AAAF\/AAABBDit9LL9yaOfehLTgBACAP4oAAABAQgK0KGKqNChiqg="}
+00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295526,"flow_dst_last_pkt_time":1725278711295915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725278711295915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711296937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
+00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725278711296937,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEi6BEAAQBGCan8AAAF\/AAA1mt4ANQA0\/nuOygEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
+01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711296937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":362,"pkt_l4_len":326,"thread_ts_usec":1725278711297510,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAVrOWUAAARGsA38AADV\/AAABADWa3gFG\/42OyoGAAAEACQAAAAUDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAAEGABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAABEQAEjvq0jsAtAAEAAQAAAREABNg60S7ALQABAAEAAAERAASO+9EuwC0AAQABAAABEQAE2DrNLsAtAAEAAQAAAREABNg6zI7ALQABAAEAAAERAATYOszuwC0AAQABAAABEQAEjvvRDsAtAAEAAQAAAREABI76tK7ALQAcAAEAAAEGABAqABRQQAIEAgAAAAAAACAOwC0AHAABAAABBgAQKgAUUEACBBYAAAAAAAAgDsAtABwAAQAAAQYAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEGABAqABRQQAIEFQAAAAAAACAOAAAp\/9YAAAAAAAA="}
+01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":318,"midstream":0,"thread_ts_usec":1725278711297510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=273","216.58.209.46,ttl=273","142.251.209.46,ttl=273","216.58.205.46,ttl=273"]}}}
+00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725278711297554,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEi6BUAAQBGCaX8AAAF\/AAA1mt4ANQA0\/nvGyQEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
+00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725278711297705,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANrOWkAAARGsgn8AADV\/AAABADWa3gDG\/w3GyYGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAEGABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAABBgAQKgAUUEACBAIAAAAAAAAgDsAtABwAAQAAAQYAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEGABAqABRQQAIEFgAAAAAAACAOwC0AHAABAAABBgAQKgAUUEACBBUAAAAAAAAgDgAAKf\/WAAAAAAAA"}
+00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711300968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300968,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711300968,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzadUAAQAZiRH8AAAF\/AAABg6YE0tC4yngAAAAAoAL\/1\/4wAAACBP\/XBAIICtChiq0AAAAAAQMDBw=="}
+00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711300981,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKDprSj9ZbQuMp5oBL\/y\/4wAAACBP\/XBAIICtChiq3QoYqtAQMDBw=="}
+00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711300988,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711300988,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTadkAAQAZiS38AAAF\/AAABg6YE0tC4ynm0o\/WXgBACAP4oAAABAQgK0KGKrdChiq0="}
+00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":253,"pkt_l4_len":217,"thread_ts_usec":1725278711301309,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAO3ad0AAQAZhkX8AAAF\/AAABg6YE0tC4ynm0o\/WXgBgCAP7hAAABAQgK0KGKrtChiq1HRVQgLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xOjEyMzQNClVzZXItQWdlbnQ6IEdvLWh0dHAtY2xpZW50LzEuMQ0KQ29ubmVjdGlvbjogVXBncmFkZQ0KU2VjLVdlYlNvY2tldC1LZXk6IGtaWkl3RHJuSG1XWXhqaDdhL3ZsOHc9PQ0KU2VjLVdlYlNvY2tldC1WZXJzaW9uOiAxMw0KVXBncmFkZTogd2Vic29ja2V0DQoNCg=="}
+01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711300981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711301309,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","domainame":"127.0.0.1","http": {"url":"127.0.0.1:1234\/","code":0,"content_type":"","user_agent":"Go-http-client\/1.1"}}}
+00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711301309,"flow_dst_last_pkt_time":1725278711301316,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711301316,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQh2kAAQAYa6H8AAAF\/AAABBNKDprSj9ZfQuMsygBAB\/\/4oAAABAQgK0KGKrtChiq4="}
+00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711354999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
+00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711354999,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711354999,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxpTUAAQAbLhsCoAbeO+rSOyL4Bu\/iOndoAAAAAoAL68AYXAAACBAW0BAIICn93k8EAAAAAAQMDBw=="}
+00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711354999,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711357820,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegb6U476tI7AqAG3AbvIvhyjoLD4jp3boBL\/\/639AAACBAWEBAIICidEO4R\/d5PBAQMDCA=="}
+00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711357866,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711357866,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRpTkAAQAbLjcCoAbeO+rSOyL4Bu\/iOndsco6CxgBAB9gYPAAABAQgKf3eTxCdEO4Q="}
+01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725278711358145,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlpT0AAQAbJh8CoAbeO+rSOyL4Bu\/iOndsco6CxgBgB9ggUAAABAQgKf3eTxCdEO4QWAwECAAEAAfwDA46xyPKufA0h2C\/na1nFm9C+KMncQt0f3tSOiZ28qNdGIL9APvSF8v4p3TWMCqfXvgibYWFwkYj2wAKYq4tRTOVrAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\/wEAAXUAAAAUABIAAA93d3cueW91dHViZS5jb20ACwAEAwABAgAKABYAFAAdABcAHgAZABgBAAEBAQIBAwEEM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAADEAAAANACoAKAQDBQMGAwgHCAgICQgKCAsIBAgFCAYEAQUBBgEDAwMBAwIEAgUCBgIAKwAFBAMEAwMALQACAQEAMwAmACQAHQAgCUnwEnwXeX81FYV10UkXFjD\/yp2qEOm4vSM6NHBI6TUAFQCuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711357820,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711358145,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711360754,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725278711360754,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSPwQAAegaqmo76tI7AqAG3AbvIvhyjoLH4jp\/ggBABBdmKAAABAQgKJ0Q7h393k8Q="}
+01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711358145,"flow_dst_last_pkt_time":1725278711376987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725278711376987,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"4ea056e63b7910cbf543f0c095064dfe","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
+02447{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}}
+02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":96,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469489,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711469627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11240.2,"max":82049,"stddev":21975.3,"var":482912224.0,"ent":3.1,"data": [92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146]},"pktlen": {"min":52,"avg":653.0,"max":3984,"stddev":1237.6,"var":1531706.8,"ent":3.3,"data": [60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901]},"bins": {"c_to_s": [13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01282{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}}
+01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
+00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 100/100
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 62316 bytes
+~~ total detected protocols..: 4
+~~ total active/idle flows...: 4/4
+~~ total timeout flows.......: 0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 6848314 bytes
+~~ total memory freed........: 6848314 bytes
+~~ total allocations/frees...: 114295/114295
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ json message min len.......: 587 chars
+~~ json message max len.......: 2452 chars
+~~ json message avg len.......: 1514 chars
Powered by cgit, Themed by Ted Yin.