aboutsummaryrefslogtreecommitdiff
path: root/test/results/tls_heuristics_enabled
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/tls_heuristics_enabled')
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out20
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out32
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out32
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out20
-rw-r--r--test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out18
5 files changed, 61 insertions, 61 deletions
diff --git a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out
index 748043c2b..e603a1a4d 100644
--- a/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out
+++ b/test/results/tls_heuristics_enabled/tls_heur__shadowsocks-tcp.pcapng.out
@@ -1,5 +1,5 @@
-00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624}
+00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725100298253624}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298253624,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253624,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253624,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADypskAAQAaTB38AAAF\/AAABrYgEOPrjCTkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6YAAAAAAQMDBw=="}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298253624,"flow_dst_last_pkt_time":1725100298253646,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298253646,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDitiFpVj4z64wk6oBL\/y\/4wAAACBP\/XBAIICoJ3H6aCdx+mAQMDBw=="}
@@ -9,11 +9,11 @@
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298253733,"flow_dst_last_pkt_time":1725100298254043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725100298254043,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254824,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298254824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298254824,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725100298254824,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEiXpkAAQBGkyH8AAAF\/AAA1oN4ANQA0\/nssJwEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
-01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254824,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298254824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254824,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298254824,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725100298254907,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEiXp0AAQBGkx38AAAF\/AAA1oN4ANQA0\/nsrKAEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
-01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298254907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298254824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298254907,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255187,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":362,"pkt_l4_len":326,"thread_ts_usec":1725100298255187,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAVrnm0AAARGSwX8AADV\/AAABADWg3gFG\/40sJ4GAAAEACQAAAAUDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAAEgABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAAVwAE2DrMjsAtAAEAAQAAAFcABI770Q7ALQABAAEAAABXAATYOszuwC0AAQABAAAAVwAEjvq0rsAtAAEAAQAAAFcABNg60S7ALQABAAEAAABXAASO+rSOwC0AAQABAAAAVwAEjvvRLsAtAAEAAQAAAFcABNg6zS7ALQAcAAEAAAEgABAqABRQQAIEAgAAAAAAACAOwC0AHAABAAABIAAQKgAUUEACBBUAAAAAAAAgDsAtABwAAQAAASAAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEgABAqABRQQAIEFgAAAAAAACAOAAAp\/9YAAAAAAAA="}
-01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":318,"midstream":0,"thread_ts_usec":1725100298255187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=87","142.251.209.14,ttl=87","216.58.204.238,ttl=87","142.250.180.174,ttl=87"]}}}
+01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":318,"midstream":0,"thread_ts_usec":1725100298255187,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=87","142.251.209.14,ttl=87","216.58.204.238,ttl=87","142.250.180.174,ttl=87"]}}}
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255342,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725100298255342,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANrnnEAAARGTQH8AADV\/AAABADWg3gDG\/w0rKIGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAEgABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAABIAAQKgAUUEACBBYAAAAAAAAgDsAtABwAAQAAASAAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEgABAqABRQQAIEAgAAAAAAACAOwC0AHAABAAABIAAQKgAUUEACBBUAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298257324,"flow_dst_last_pkt_time":1725100298257324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725100298257324,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725100298257324,"flow_dst_last_pkt_time":1725100298257324,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725100298257324,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADxrZEAAQAbRVX8AAAF\/AAABnOQE0krrbnkAAAAAoAL\/1\/4wAAACBP\/XBAIICoJ3H6oAAAAAAQMDBw=="}
@@ -30,12 +30,12 @@
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298317482,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725100298317482,"pkt":"AAAAAQAGILAB4IZiAACG3WABZDcAIAZ6KgAUUEACBBYAAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7EW0+tTydwXJyCAEAEFNmcAAAEBCAre1F8CUwIM2w=="}
01329{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298313913,"flow_dst_last_pkt_time":1725100298341941,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1725100298341941,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02218{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432355,"flow_dst_last_pkt_time":1725100298432652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4876,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":22039,"midstream":0,"thread_ts_usec":1725100298432652,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7890.7,"max":49565,"stddev":13540.2,"var":183336016.0,"ent":3.3,"data": [3409,3461,254,3875,24459,28067,229,0,209,14,2973,7544,5275,6462,46393,49565,1,0,8985,52,29,430,0,0,0,285,43,26100,26117,380,0]},"pktlen": {"min":72,"avg":786.9,"max":4948,"stddev":1186.2,"var":1407143.5,"ent":3.9,"data": [80,80,72,589,72,1280,72,4904,631,72,72,345,720,103,103,72,1280,293,1280,72,72,72,1280,1280,1280,4948,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [13,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,2]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,1,0,0,1,0,1,1],"entropies": [4.755182266,5.261822701,5.153629780,4.806141853,5.165501118,7.786862373,5.164113998,7.965732574,7.625080109,5.164113998,5.164113998,7.146784306,7.713749886,5.760443687,5.767366886,5.125851631,7.825596809,7.149698257,7.853908539,5.153629303,5.153629303,5.153629303,7.834226608,7.855994701,7.841277122,7.962058067,5.125851631,5.153629780,7.850774765,5.153629303,7.848540783,7.840482712]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725100298254824,"flow_src_last_pkt_time":1725100298254907,"flow_dst_last_pkt_time":1725100298255342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":41182,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01033{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1725100298257324,"flow_src_last_pkt_time":1725100298432715,"flow_dst_last_pkt_time":1725100298432675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":636,"flow_dst_max_l4_payload_len":7428,"flow_src_tot_l4_payload_len":1076,"flow_dst_tot_l4_payload_len":20131,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40164,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1725100298253624,"flow_src_last_pkt_time":1725100298407018,"flow_dst_last_pkt_time":1725100298407002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":9887,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18427,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44424,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1725100298310198,"flow_src_last_pkt_time":1725100298432922,"flow_dst_last_pkt_time":1725100298432653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":31703,"midstream":0,"thread_ts_usec":1725100298432922,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4002:416::200e","src_port":45334,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}}
-00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922}
+00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__shadowsocks-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":73601,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725100298432922}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
@@ -44,9 +44,9 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7652065 bytes
-~~ total memory freed........: 7652065 bytes
-~~ total allocations/frees...: 126024/126024
+~~ total memory allocated....: 8589336 bytes
+~~ total memory freed........: 8589336 bytes
+~~ total allocations/frees...: 144886/144886
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 587 chars
~~ json message max len.......: 2223 chars
diff --git a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out
index 7cd0aebc0..9fb79db60 100644
--- a/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out
+++ b/test/results/tls_heuristics_enabled/tls_heur__trojan-tcp-tls.pcapng.out
@@ -1,5 +1,5 @@
-00646{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087}
+00646{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725367999181087}
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999181087,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181087,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181087,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzyHEAAQAZKnX8AAAF\/AAAB7O4EOOE3LPkAAAAAoAL\/1\/4wAAACBP\/XBAIICrEoZggAAAAAAQMDBw=="}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999181087,"flow_dst_last_pkt_time":1725367999181104,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725367999181104,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDjs7jONTa3hNyz6oBL\/y\/4wAAACBP\/XBAIICrEoZgixKGYIAQMDBw=="}
@@ -9,21 +9,21 @@
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999181167,"flow_dst_last_pkt_time":1725367999182460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725367999182460,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183111,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183111,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999183111,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725367999183111,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgCBkAAQBE6aX8AAAF\/AAA1zjIANQA0\/nu+eQEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
-01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183111,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183111,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183111,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183111,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725367999183131,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgCB0AAQBE6aH8AAAF\/AAA1zjIANQA0\/nsqewEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
-01246{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183131,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999183111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183131,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999183433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183433,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999183433,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725367999183433,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEimRgAAQBFPWsCoAbfAqAH9tXMANQA0hUp6qwEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkFwAAAAAAAAA=="}
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999183433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183433,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999183433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999183433,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999187954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999187954,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999187954,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725367999187954,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEjgmQAAQBEVB8CoAbfAqAH90\/QANQA0hUqvmwEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkFwAAAAAAAAA=="}
-01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999187954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999187954,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999187954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999187954,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
01043{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":413,"pkt_l4_len":377,"thread_ts_usec":1725367999215826,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAY1SakAAQBFh8cCoAf3AqAG3ADW1cwF5sn56q4GAAAEACAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEDd3d3B3lvdXR1YmUDY29tAAAFAAEAAADfABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20ACnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAASO+rSOCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAASO+9EOCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAASO+rSuCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAASO+9EuCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAATYOs0uCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAATYOszuCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAABAAEAAADfAATYOsyOAAApBNAAAAAAAAA="}
-01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999215826,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=223","142.251.209.14,ttl=223","142.250.180.174,ttl=223","142.251.209.46,ttl=223"]}}}
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999215826,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=223","142.251.209.14,ttl=223","142.250.180.174,ttl=223","142.251.209.46,ttl=223"]}}}
00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999216106,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":344,"pkt_l4_len":308,"thread_ts_usec":1725367999216106,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAUhSa0AAQBFiNcCoAf3AqAG3ADXT9AE0aXKvm4GAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEDd3d3B3lvdXR1YmUDY29tAAAFAAEAAAB3ABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20ACnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAAcAAEAAAB3ABAqABRQQAIEEQAAAAAAACAOCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAAcAAEAAAB3ABAqABRQQAIEAgAAAAAAACAOCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAAcAAEAAAB3ABAqABRQQAIEAwAAAAAAACAOCnlvdXR1YmUtdWkBbAZnb29nbGUDY29tAAAcAAEAAAB3ABAqABRQQAIEEAAAAAAAACAOAAApBNAAAAAAAAA="}
-01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999216106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1725367999216106,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr": ["2a00:1450:4002:411::200e,ttl=119","2a00:1450:4002:402::200e,ttl=119","2a00:1450:4002:403::200e,ttl=119","2a00:1450:4002:410::200e,ttl=119"]}}}
+01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999216106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1725367999216106,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr": ["2a00:1450:4002:411::200e,ttl=119","2a00:1450:4002:402::200e,ttl=119","2a00:1450:4002:403::200e,ttl=119","2a00:1450:4002:410::200e,ttl=119"]}}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216307,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725367999216307,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANo1i0AAARFFUn8AADV\/AAABADXOMgDG\/w2+eYGAAAEACAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAADfABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAA3wAEjvq0jsAtAAEAAQAAAN8ABI770Q7ALQABAAEAAADfAASO+rSuwC0AAQABAAAA3wAEjvvRLsAtAAEAAQAAAN8ABNg6zS7ALQABAAEAAADfAATYOszuwC0AAQABAAAA3wAE2DrMjgAAKf\/WAAAAAAAA"}
-01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":190,"midstream":0,"thread_ts_usec":1725367999216307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=223","142.251.209.14,ttl=223","142.250.180.174,ttl=223","142.251.209.46,ttl=223"]}}}
+01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":190,"midstream":0,"thread_ts_usec":1725367999216307,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=223","142.251.209.14,ttl=223","142.250.180.174,ttl=223","142.251.209.46,ttl=223"]}}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216536,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725367999216536,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANo1jEAAARFFUX8AADV\/AAABADXOMgDG\/w0qe4GAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAB3ABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAAAdwAQKgAUUEACBBEAAAAAAAAgDsAtABwAAQAAAHcAECoAFFBAAgQCAAAAAAAAIA7ALQAcAAEAAAB3ABAqABRQQAIEAwAAAAAAACAOwC0AHAABAAAAdwAQKgAUUEACBBAAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725367999227781,"flow_src_last_pkt_time":1725367999227781,"flow_dst_last_pkt_time":1725367999227781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725367999227781,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":53154,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1725367999227781,"flow_dst_last_pkt_time":1725367999227781,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725367999227781,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEHfN0AAQBFdPn8AAAF\/AAA1z6IANQAt\/nTjvAEgAAEAAAAAAAEEdGVzdANsYW4AAAEAAQAAKQTQAAAAAAAA"}
@@ -62,17 +62,17 @@
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999291862,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725367999291862,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADSCqgAAega3sY76tI7AqAG3AbvlauLwuUYTRcB\/gBABBZgZAAABAQgKNL9Hm\/UADzk="}
01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999289505,"flow_dst_last_pkt_time":1725367999309030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1725367999309030,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02179{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":7260.0,"max":70369,"stddev":15439.7,"var":238384560.0,"ent":3.0,"data": [2680,2720,332,2729,17168,19575,50,34,34,27,27,25,25,22,8415,468,11244,2981,2278,5685,46101,70369,31667,78,33,33,33,33,80,80,33]},"pktlen": {"min":52,"avg":481.5,"max":1452,"stddev":599.8,"var":359742.8,"ent":3.9,"data": [60,60,52,569,52,1452,52,1452,52,1452,52,1452,52,1053,52,132,245,700,83,83,52,52,1452,52,80,52,1452,52,1452,52,1452,52]},"bins": {"c_to_s": [14,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [4.560013294,5.154205322,4.948144436,4.755980968,4.948144436,7.827642918,4.832759857,7.843367100,4.871221066,7.869987488,4.818243027,7.874095440,4.832759380,7.816403389,4.818242550,6.232886791,6.951427460,7.683448792,5.618761063,5.537375927,4.909682751,4.909683228,7.868943691,4.909682751,5.617374897,4.909682751,7.869823933,4.909682751,7.884392262,4.909682751,7.861354828,4.830034733]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999183433,"flow_src_last_pkt_time":1725367999183433,"flow_dst_last_pkt_time":1725367999215826,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":369,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":369,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":46451,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725367999286453,"flow_src_last_pkt_time":1725367999398999,"flow_dst_last_pkt_time":1725367999398966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":12908,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":58730,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}}
-01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999216106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999187954,"flow_src_last_pkt_time":1725367999187954,"flow_dst_last_pkt_time":1725367999216106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":54260,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1725367999229171,"flow_src_last_pkt_time":1725367999367040,"flow_dst_last_pkt_time":1725367999322792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":607,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1341,"flow_dst_tot_l4_payload_len":8560,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":41796,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":380,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725367999183111,"flow_src_last_pkt_time":1725367999183131,"flow_dst_last_pkt_time":1725367999216536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":190,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":380,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":52786,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227781,"flow_src_last_pkt_time":1725367999227781,"flow_dst_last_pkt_time":1725367999228836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":53154,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227781,"flow_src_last_pkt_time":1725367999227781,"flow_dst_last_pkt_time":1725367999229017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":56496,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999228105,"flow_src_last_pkt_time":1725367999228105,"flow_dst_last_pkt_time":1725367999228906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":38613,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725367999227989,"flow_src_last_pkt_time":1725367999227989,"flow_dst_last_pkt_time":1725367999228682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":39434,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1725367999181087,"flow_src_last_pkt_time":1725367999367164,"flow_dst_last_pkt_time":1725367999322863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7292,"midstream":0,"thread_ts_usec":1725367999398999,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":60654,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
-00884{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999}
+00884{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__trojan-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":33310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":75,"global_ts_usec":1725367999398999}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
@@ -81,9 +81,9 @@
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7646472 bytes
-~~ total memory freed........: 7646472 bytes
-~~ total allocations/frees...: 126101/126101
+~~ total memory allocated....: 8583791 bytes
+~~ total memory freed........: 8583791 bytes
+~~ total allocations/frees...: 144963/144963
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 586 chars
~~ json message max len.......: 2184 chars
diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out
index abf675c3a..f59364fc8 100644
--- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out
+++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp-tls.pcapng.out
@@ -1,5 +1,5 @@
-00645{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636}
+00645{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00866{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636}
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="}
@@ -9,21 +9,21 @@
00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807747,"flow_dst_last_pkt_time":1725132050808089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725132050808089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809269,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEg2zUAAQBEFon8AAAF\/AAA1tdQANQA0\/nvt0QEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
-01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809288,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEg2zkAAQBEFoX8AAAF\/AAA1tdQANQA0\/ntG1QEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
-01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809501,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809501,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEhwxQAAQBGE28CoAbfAqAH9wpkANQA0hUrEigEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkFwAAAAAAAAA=="}
-01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809501,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809501,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809672,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809672,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEhbqgAAQBGZ9sCoAbfAqAH9o80ANQA0hUqLXAEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkFwAAAAAAAAA=="}
-01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809672,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01115{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809672,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":253,"pkt_l4_len":217,"thread_ts_usec":1725132050810429,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAO1doUAAQBFXWsCoAf3AqAG3ADXCmQDZ+UbEioGAAAEACQAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAADaABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20AwC0AAQABAAAAvQAE2DrMjsAtAAEAAQAAAL0ABNg6zO7ALQABAAEAAAC9AATYOs0uwC0AAQABAAAAvQAEjvq0rsAtAAEAAQAAAL0ABNg60S7ALQABAAEAAAC9AASO+9EuwC0AAQABAAAAvQAEjvvRDsAtAAEAAQAAAL0ABI76tI4AACkE0AAAAAAAAA=="}
-01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050810429,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
+01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050810429,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"thread_ts_usec":1725132050810814,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAN1dokAAQBFXacCoAf3AqAG3ADWjzQDJi4WLXIGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAADaABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20AwC0AHAABAAAA2gAQKgAUUEACBBAAAAAAAAAgDsAtABwAAQAAANoAECoAFFBAAgQRAAAAAAAAIA7ALQAcAAEAAADaABAqABRQQAIEFAAAAAAAACAOwC0AHAABAAAA2gAQKgAUUEACCAkAAAAAAAAgDgAAKQTQAAAAAAAA"}
-01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050810814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr": ["2a00:1450:4002:410::200e,ttl=218","2a00:1450:4002:411::200e,ttl=218","2a00:1450:4002:414::200e,ttl=218","2a00:1450:4002:809::200e,ttl=218"]}}}
+01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050810814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr": ["2a00:1450:4002:410::200e,ttl=218","2a00:1450:4002:411::200e,ttl=218","2a00:1450:4002:414::200e,ttl=218","2a00:1450:4002:809::200e,ttl=218"]}}}
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810818,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":250,"pkt_l4_len":214,"thread_ts_usec":1725132050810818,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAOr\/ZEAAARF7aH8AADV\/AAABADW11ADW\/x3t0YGAAAEACQAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAADaABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAAvQAE2DrMjsAtAAEAAQAAAL0ABNg6zO7ALQABAAEAAAC9AATYOs0uwC0AAQABAAAAvQAEjvq0rsAtAAEAAQAAAL0ABNg60S7ALQABAAEAAAC9AASO+9EuwC0AAQABAAAAvQAEjvvRDsAtAAEAAQAAAL0ABI76tI4AACn\/1gAAAAAAAA=="}
-01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1725132050810818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
+01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1725132050810818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810967,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725132050810967,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANr\/ZUAAARF7d38AADV\/AAABADW11ADG\/w1G1YGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAADaABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAAA2gAQKgAUUEACBBAAAAAAAAAgDsAtABwAAQAAANoAECoAFFBAAgQRAAAAAAAAIA7ALQAcAAEAAADaABAqABRQQAIEFAAAAAAAACAOwC0AHAABAAAA2gAQKgAUUEACCAkAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050813050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050813050,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813050,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEF6yEAAQBHBrX8AAAF\/AAA1w80ANQAt\/nTqbwEgAAEAAAAAAAEEdGVzdANsYW4AABwAAQAAKQTQAAAAAAAA"}
@@ -61,17 +61,17 @@
01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050879524,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050879524,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADRY\/wAAegaAHNg6zI7AqAG3Abvk9JZ2W3+2QpIngBABBaL9AAABAQgKNi2PgTq0Sh8="}
01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
-01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":11,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050944716,"flow_dst_last_pkt_time":1725132050904186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2544,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7291,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813406,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":58009,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
-01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":396,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":396,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050816698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050978296,"flow_dst_last_pkt_time":1725132050978347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":18386,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
-00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467}
+00883{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
@@ -80,9 +80,9 @@
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7718618 bytes
-~~ total memory freed........: 7718618 bytes
-~~ total allocations/frees...: 126104/126104
+~~ total memory allocated....: 8655937 bytes
+~~ total memory freed........: 8655937 bytes
+~~ total allocations/frees...: 144966/144966
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 586 chars
~~ json message max len.......: 1394 chars
diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out
index 6cdd01df3..f88873245 100644
--- a/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out
+++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-tcp.pcapng.out
@@ -1,5 +1,5 @@
-00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518}
+00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="}
@@ -9,11 +9,11 @@
00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542632,"flow_dst_last_pkt_time":1725108604543203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725108604543203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725108604543910,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgVJkAAQBEnSX8AAAF\/AAA1jHUANQA0\/nvdIwEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
-01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725108604543926,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgVJ0AAQBEnSH8AAAF\/AAA1jHUANQA0\/nvRJgEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
-01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544468,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":490,"pkt_l4_len":454,"thread_ts_usec":1725108604544468,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAdo9I0AAARE8un8AADV\/AAABADWMdQHGAA7dI4GAAAEAEQAAAAUDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAAAOABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAADgAErNkSLsAtAAEAAQAAAA4ABI77Jc7ALQABAAEAAAAOAASO+yUuwC0AAQABAAAADgAE2DrUbsAtAAEAAQAAAA4ABKzZEy7ALQABAAEAAAAOAASO+sjOwC0AAQABAAAADgAErNkVDsAtAAEAAQAAAA4ABKzZEu7ALQABAAEAAAAOAASs2avuwC0AAQABAAAADgAEjvrI7sAtAAEAAQAAAA4ABI76yQ7ALQABAAEAAAAOAASO+yXuwC0AAQABAAAADgAEjvrJLsAtAAEAAQAAAA4ABKzZE47ALQABAAEAAAAOAASO+svuwC0AAQABAAAADgAEjvslrsAtABwAAQAAAA4AECoAFFBABggNAAAAAAAAIA7ALQAcAAEAAAAOABAqABRQQAYIDgAAAAAAACAOwC0AHAABAAAADgAQKgAUUEAGCAYAAAAAAAAgDsAtABwAAQAAAA4AECoAFFBABggMAAAAAAAAIA4AACn\/1gAAAAAAAA=="}
-01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":446,"midstream":0,"thread_ts_usec":1725108604544468,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":22,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["172.217.18.46,ttl=14","142.251.37.206,ttl=14","142.251.37.46,ttl=14","216.58.212.110,ttl=14"]}}}
+01209{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":446,"midstream":0,"thread_ts_usec":1725108604544468,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":22,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["172.217.18.46,ttl=14","142.251.37.206,ttl=14","142.251.37.46,ttl=14","216.58.212.110,ttl=14"]}}}
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725108604544652,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANo9JEAAARE9uX8AADV\/AAABADWMdQDG\/w3RJoGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAAOABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAAADgAQKgAUUEAGCA0AAAAAAAAgDsAtABwAAQAAAA4AECoAFFBABggOAAAAAAAAIA7ALQAcAAEAAAAOABAqABRQQAYIDAAAAAAAACAOwC0AHAABAAAADgAQKgAUUEAGCAYAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108604546168,"flow_dst_last_pkt_time":1725108604546168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604546168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604546168,"flow_dst_last_pkt_time":1725108604546168,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604546168,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzAV0AAQAZ8Yn8AAAF\/AAABn3IE0qMX\/XsAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hsAAAAAAQMDBw=="}
@@ -30,12 +30,12 @@
01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":87,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606811390,"flow_dst_last_pkt_time":1725108606811354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":17178,"midstream":0,"thread_ts_usec":1725108606811390,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":140796.1,"max":2053502,"stddev":429032.8,"var":184069177344.0,"ent":1.9,"data": [1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191]},"pktlen": {"min":72,"avg":635.5,"max":2488,"stddev":846.4,"var":716345.8,"ent":3.9,"data": [80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72]},"bins": {"c_to_s": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5]},"directions": [0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0],"entropies": [4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108606812524,"flow_dst_last_pkt_time":1725108606812503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":7115,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18442,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01027{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}}
-00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814}
+00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
@@ -44,9 +44,9 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7605608 bytes
-~~ total memory freed........: 7605608 bytes
-~~ total allocations/frees...: 126023/126023
+~~ total memory allocated....: 8542879 bytes
+~~ total memory freed........: 8542879 bytes
+~~ total allocations/frees...: 144885/144885
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 581 chars
~~ json message max len.......: 2236 chars
diff --git a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
index 49a75e193..81fb77879 100644
--- a/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
+++ b/test/results/tls_heuristics_enabled/tls_heur__vmess-websocket.pcapng.out
@@ -1,5 +1,5 @@
-00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335}
+00647{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00868{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725278711295335}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711295335,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295335,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295335,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSqkAAQAYqEH8AAAF\/AAABrfQEOJ96Es4AAAAAoAL\/1\/4wAAACBP\/XBAIICtChiqgAAAAAAQMDBw=="}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711295335,"flow_dst_last_pkt_time":1725278711295427,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725278711295427,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDit9LL9yaKfehLPoBL\/y\/4wAAACBP\/XBAIICtChiqjQoYqoAQMDBw=="}
@@ -9,9 +9,9 @@
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711295526,"flow_dst_last_pkt_time":1725278711295915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725278711295915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711296937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725278711296937,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEi6BEAAQBGCan8AAAF\/AAA1mt4ANQA0\/nuOygEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
-01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711296937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
+01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711296937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711296937,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":362,"pkt_l4_len":326,"thread_ts_usec":1725278711297510,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAVrOWUAAARGsA38AADV\/AAABADWa3gFG\/42OyoGAAAEACQAAAAUDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAAEGABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAABEQAEjvq0jsAtAAEAAQAAAREABNg60S7ALQABAAEAAAERAASO+9EuwC0AAQABAAABEQAE2DrNLsAtAAEAAQAAAREABNg6zI7ALQABAAEAAAERAATYOszuwC0AAQABAAABEQAEjvvRDsAtAAEAAQAAAREABI76tK7ALQAcAAEAAAEGABAqABRQQAIEAgAAAAAAACAOwC0AHAABAAABBgAQKgAUUEACBBYAAAAAAAAgDsAtABwAAQAAAQYAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEGABAqABRQQAIEFQAAAAAAACAOAAAp\/9YAAAAAAAA="}
-01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":318,"midstream":0,"thread_ts_usec":1725278711297510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=273","216.58.209.46,ttl=273","142.251.209.46,ttl=273","216.58.205.46,ttl=273"]}}}
+01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711296937,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":318,"midstream":0,"thread_ts_usec":1725278711297510,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["142.250.180.142,ttl=273","216.58.209.46,ttl=273","142.251.209.46,ttl=273","216.58.205.46,ttl=273"]}}}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297510,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725278711297554,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEi6BUAAQBGCaX8AAAF\/AAA1mt4ANQA0\/nvGyQEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725278711297705,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANrOWkAAARGsgn8AADV\/AAABADWa3gDG\/w3GyYGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAEGABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAABBgAQKgAUUEACBAIAAAAAAAAgDsAtABwAAQAAAQYAECoAFFBAAgQDAAAAAAAAIA7ALQAcAAEAAAEGABAqABRQQAIEFgAAAAAAACAOwC0AHAABAAABBgAQKgAUUEACBBUAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711300968,"flow_dst_last_pkt_time":1725278711300968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725278711300968,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
@@ -32,10 +32,10 @@
02461{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":86,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469124,"flow_dst_last_pkt_time":1725278711469141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":18274,"midstream":0,"thread_ts_usec":1725278711469141,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":10849.3,"max":81912,"stddev":22504.7,"var":506460032.0,"ent":2.8,"data": [13,20,321,335,139,158,52949,76203,23289,91,56,38,34,108,111,5407,8441,3526,701,41202,81912,40932,58,43,54,53,30,29,27,26,23]},"pktlen": {"min":52,"avg":665.1,"max":2104,"stddev":842.7,"var":710078.0,"ent":3.9,"data": [60,60,52,237,52,181,52,751,2104,52,2104,52,2104,52,723,52,406,753,144,123,52,2084,52,2046,52,2079,52,2043,52,2075,52,531]},"bins": {"c_to_s": [13,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.734919071,4.624013901,5.851198196,4.644789219,5.827358723,4.644789219,7.722790718,7.902339935,4.585552216,7.913048267,4.585552216,7.905004501,4.585552216,7.688803673,4.585552216,7.428673744,7.699780941,6.310562611,6.170208454,4.624013901,7.892062187,4.571035385,7.909559727,4.624013901,7.904311180,4.585552216,7.891872406,4.585552692,7.905772209,4.624013901,7.592932701]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}}
02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":96,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469489,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711469627,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11240.2,"max":82049,"stddev":21975.3,"var":482912224.0,"ent":3.1,"data": [92,113,78,106,382,425,4533,4672,44031,9418,77646,24339,284,267,4160,279,19,13,40,4612,3350,3674,624,41294,82049,41160,126,151,203,160,146]},"pktlen": {"min":52,"avg":653.0,"max":3984,"stddev":1237.6,"var":1531706.8,"ent":3.3,"data": [60,60,52,56,52,54,52,62,62,52,569,3984,52,2720,52,132,98,101,87,115,52,700,83,83,52,3984,52,3984,52,2428,52,901]},"bins": {"c_to_s": [13,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.311033249,4.747500420,4.638530731,4.549884796,4.638531208,4.628801823,4.600069046,4.733144760,4.497382641,4.600069046,4.669951916,7.947538853,4.676992416,7.920604706,4.600069046,6.167953491,5.851360321,5.834712982,5.660713673,6.112284660,4.676992416,7.680773735,5.506919861,5.521921158,4.676992416,7.956730843,4.561607838,7.954389572,4.561607361,7.916389942,4.561607838,7.802294254]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01296{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1725278711300968,"flow_src_last_pkt_time":1725278711469193,"flow_dst_last_pkt_time":1725278711469186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":699,"flow_dst_max_l4_payload_len":2052,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":19186,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":33702,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WebSocket","proto_id":"7.251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1"}}
-01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
+01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725278711296937,"flow_src_last_pkt_time":1725278711297554,"flow_dst_last_pkt_time":1725278711297705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":508,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":39646,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1725278711295335,"flow_src_last_pkt_time":1725278711469639,"flow_dst_last_pkt_time":1725278711469627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3932,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":18380,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44532,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":17,"flow_first_seen":1725278711354999,"flow_src_last_pkt_time":1725278711492259,"flow_dst_last_pkt_time":1725278711492259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":21168,"midstream":0,"thread_ts_usec":1725278711492259,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"142.250.180.142","src_port":51390,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
-00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259}
+00881{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-websocket.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725278711492259}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
@@ -44,9 +44,9 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 7679385 bytes
-~~ total memory freed........: 7679385 bytes
-~~ total allocations/frees...: 126028/126028
+~~ total memory allocated....: 8616656 bytes
+~~ total memory freed........: 8616656 bytes
+~~ total allocations/frees...: 144890/144890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 587 chars
~~ json message max len.......: 2466 chars
Powered by cgit, Themed by Ted Yin.