summaryrefslogtreecommitdiff
path: root/test/results/ultrasurf.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/ultrasurf.pcap.out')
-rw-r--r--test/results/ultrasurf.pcap.out22
1 files changed, 11 insertions, 11 deletions
diff --git a/test/results/ultrasurf.pcap.out b/test/results/ultrasurf.pcap.out
index 7192a3123..11fd92956 100644
--- a/test/results/ultrasurf.pcap.out
+++ b/test/results/ultrasurf.pcap.out
@@ -2,24 +2,24 @@
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1656652731609}
00700{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656652731609,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
03968{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_msec":1656652731609,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcnb3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"}
-00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656652731609,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","breed":"Acceptable","category":"VPN"}}
+00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_msec":1656652731609,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
03963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1656652731609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_msec":1656652731609,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7vQAA3BtrfQTFEGQqEABfDhZQKC2ONCUpUkTKAEAFmmhsAAAEBCAom3sgHA1a0\/YkZzIRfJcoGEDhjun+5RWZFRHORheFaka9qWEEqwSnKRQ8+fGAhhFa7EN5cpLsXBaX2yHZz8DtP4L0FIaDBHwFd5rA4GP5cmI7bfwLgg4FVeGP7SjUTC6qb+HQHzgd9GKJejKikQgtNuMoyW+WltSykS7MMuwC9XmFm880JdkonHY1odOp0bZesqC0Ef58K3CfEAwAV1rHerMtEb3ZHcVOr9dSu4VHvVdRPp+8WfCOtT114DN9xODhN5xizXNsKGb1Vqn77M3rN9osNOzf3tytH8Pevd1aIgf3Sm6YXA7VR5D7dvmhs0FN4QC+LDtkE\/6thA0uo\/lnZqMEIHcwUsGe918WbIwSGOk2MJbaAbJZUODyOfxe+T03WsJGCGLuDQ0m7AsMClrqgh8OHbm5U9HMCsMr4h4pvEhR0z2I+R7A\/GAWfQ1Lv84asTQ\/KcjVoTGNO\/qR9qnBDPz02vpUg0t1qIn5OZjHUJc1XlP7bcvV\/wKw3OfG2mX63GGvc7i7QZES09OVvvvQOx27EiD1xANcAMElPBG4AZ\/1ImDDO55WnYWPfINUR0Htt3CDZHS99b7xjoML0TE0baQJ3Jm38p3DdfsEGrsmIokmWO1TpdGRxB4MJLY3wn7Tw4tqDNqBMVruqsIN3XOP1je5K4jtfip7MN5mhXqQwq26JbXu4RN0QZgBwifB\/DFQoswvG8No+jWGMXSh9v0kJl9fw8bhx9lZpA3tQmLgRL3sOqJAHaqHBZRkJhuHh+Rjm\/6hTfFQ00ehtauLThf9ezdb2uY49gvz2DGebsNmTjFsOx+X4R9hsdpnezkh4aEpX5uL1bXi1H6uS64VjoFNEDHQpZ+3uZrYCmJilgBV0bv0nVghQl4kU33Pf7GIoPZuXhIQfS9VrHsdHbZpH1PU8M\/9PRmRmYlmeapu7XEZp4CzDGYPDSedJ8vQLqPyHzVwGcjHckBVdpjNiPAG5UPQoZ3wCl\/PxEywufemrmfmR\/5AqOpW8\/Wur6zMxw5YPRRe\/bygJ0G9Yqw0LVPvEBxGwFY9uVVI6IGaHAasiMKQLbkze7bdXM6QNfYFDnbbaxoOEV8QDh7YIhuz4gfbAW6eyQbJT2jQKjEHkd0tMaupNho4gKsMUwsj4nZlzTYJVJpDMcLimISegAqBKQ4i8foUUKiadz6eosf+e\/Jex37VfE+krt3zlcpISr8HTnFM1USFF0+9ct3a5KjyNHIWXBbdEjluidEueiRiWyxf4cTH4FbCD2xO9GNRkq9QZppurtJaFbRjXCrw9UUutzbcN9EQ4Cq+gKBSyYXwmUbkSGOLO9rE323nvwyvDcYVdrUsP+BGDklMzvNUHuJnRFouZ1R0WCXxlJrCNrMkgI+iuTt0BJzGXzfEkqc7fmNoiossOF4BZK08wWnsMWJPMsI5Aw3iU49xeiNCj74DW2jR92gY79iEsFrre1ny3NbSwl8EGB091wIYQyL7Ho3Xf3P3gT7nJkJZVIupHy1AL3OnXFLu0aQ9jZogZz0sFxzcPAzim0\/TD+aEJKEn3h1ZCM0dvkLQLeFEGKVhxypzfJLDO0hydYwloEETx3qJaVHzqs8Wq+SgnnsMzDPiMy\/H9mXbpWFOmZUY8c+RgPNNwEPY9sWGgREkghLZgVI4BmbR+1He8AIC\/Jqb6\/fZGK9Su8InqtBz4VDwmCvVjB5VmwRYgEff9Co9KEAKioF+rxsp7jx4CUT\/dUpBgwtPw1AAqwXhQ\/uIBWqnOLtB+sJapVDGqCd6YbeW67lUJtDoMU8VaKm8fednX12fDvla7u1M+CXOyIf\/4rq46zKsHemwKXMSG27KxCoqvfpu2RFyDoNiwIkywHe+mu0KXU6r0uKXXuXHjcqE1XT+Ol42P4hE1aTwsVJT\/aLRIVQDwKL6IhfLinh4zf9x0O\/I\/C1GeMvABe16jJTVzGkcz49endJCMetsRgtWR7oSOwEn5bVIocg8jZsCjdrwEvd6kjZWMsRgHhtbLq+aU27mgxUfacXWiiGTsT33DZFYnj2Gbfgh1MUmZNuxbwGQK74YsSlD8+37pnUDCdBxPu+Gf64VQKHxJ9RtZ7tBvjcOGhEiQQM2Bqm9+kC5dGL6whXOTdBD0aHE3e3jNhysBJXeznMxXLuH5BpQBNhY+pGCD36HH\/gl2POk5EvjD5emciTPfEvMoX\/pO1twUedLTeXtt4V8bNumuTzdRWus9vZCGnaJKWYY+IluLtxDKaBHhULnRKPZr7a3fqY4eZZWnvSv+6SyQfi\/guF4IkYLhqf3LM1QbKUpuoYVTCXDg\/iejAGelMIOMZk\/34eSGVjsk9H4ZDrbf+Wviyu10e\/3LGX4vZqXdNId0qCEAQQsb5bj67rIpqEUfO1gjj68uRkOWA5pTXz1Cw5OGMJDODQJgEJUgUxpgbiqUn1yGaEKOOaiaN2Vv5\/u+w6mqQni+gBiA0+4K0zEMbn8XRxSib6SxlyLQVFPK3+8NFm9X2am1AtSH1\/PoCM1+A0L4I8UddMiaV4KJVbD4gIsbkZTEL2rNpB7+3TEPLkz\/oWqgDlYpiSJoug71nGWFcD+HEERUlO5Z93B7c4XWme9gT2XSraJ9EGS47MTy8E5gSuzHgT06aAD1VDe0EzdVIhzO6QfLKRVyqK\/DkDAcF1dU\/CysJQuLXO26HE1qiZstmUL\/PmaIF1CAre3aq1TiBtKi47RcAusmfTZViQ5pBnP52RilqIkeFHO7qJ+Xe7UbBid1eckGMDShESIKSMkg323ewkUsCQrdbbCQCNxMP\/vovWIiozrHVfadoXMR1+s3vDeGvdijxN0cQlXKhRXEHz1q9AFZPP6OvHtyaigQOx7Av7+CCavPWtRnhVyR2jLsjvU\/P8W5IFa8Qs0a8CJRQpkCWniRyCA3gsdHuiU5LPzN9N6ilFVKYWl8zCdx1E0DuWVnebVHPp\/mSPBcwJb6Kn0mZE5F6Slv4ios+F0zFBa\/+ONDhj8YI3D0pzybuWoGGURZpxxZvXyeMYFUqAzWQpmxOYCpDyYaRzpVXybXDJxWUfNGwmd6Ve5t6JHTxK332fJRagMHTraU5uEpzRuAnBCqVX\/orlzGUbI38lDmfktCRZhIZ0TA4WOuMezAS\/U5UeZ\/Ky36Btzeqc\/GtSNTwfx5pintfeIcHnEiV69AT2a7sR3PISNs\/w0efL492At330L6CabtPqbX+3L9tP+74e7pNSOxbl7oi\/mRnKkb9k8n2BH6yIJJt5VxxH74+2OAUxERThSHVZlYSiPBPktL4R30L859p0z2Uz6qmrKoN1is1fQXX8xGHOr7PkuLtDJqwFDVFJJ9YkA7Dx2pq++TaR\/9pl4AeqnylRZtWT3EJRF\/MYY3nnisHit78gzVET6d1BuDKtwoAyw4mKyfoqWDMp6JOacbgYmXKL3bRC0doX8dbGOchwnFREadeVLCi\/Q5"}
02216{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1656652731631,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_msec":1656652731631,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7xQAA3Bt\/lQTFEGQqEABfDhZQKC2OXGUpUkTKAEAFmw0YAAAEBCAom3sgTA1a0\/SxS3iaqHGBX0a8rgr8EFwZv7fbGR3LsZjVMCYTlteWImHMg7dpDQx6QAkVSKrBDRWsAgkFKUO9XRHQzEdcVJv+Jk6+iQYy27OR2Ruv0q0NyJCK8q8neLYQxD7xGx95YziHhCPmx+v2VJKWqXvo5pekBzrhigp\/0TmX3aYQplVTgwksBVP1wSVYSvnxpw4x3MGHY6EK1PhkChr6I2QaCOOskNMVQXjje52Gr0TD6cnIJniT0zvgTXSdGXH4d1pNmH6VI38eKJmR97TCaHW4VbObiULCNV965z+H0nCojIGmrzSNlYRkWatbld8Zbak+Ve9Ye2qFSUfesBybrU8MPKChWDS4szas\/0\/+O+hp7fTEBfmCOnTwpeZ+9ckDlu30IjD3klrlcZcGx59JJ23VaL3mRHXN2m7OYXYqgEUyKkpkk87MSdGKaT3iv+xeB8fdAD0S5iESPxvCatNGVxlnPWQC6LE2Mwk\/UPzo8wmxmWU\/4g2SzkG6fIhc2KfKoBTSS\/18XObBYhTCKn8tmchtQQnCFEhJwUqNPVQHAM7VWv97\/MrpK1Gg3ow57h3u6bsT3zD+7JqhTzfzSb+JLf+gPPuPmKrDBND362h9HtUe4u54hmK0emiAYbKHemgqk5ObUECg98wBR8GbmhEjkgqd5l9MpJjXEnZd7YjYb9HqCPVuTVofELhtwiquLU41YKvkqj9qHY3i83C4I5rsGWBIQz9jCnG\/LAO0gc+K5MhM0jD8w9afyXqZxxIWbvFCzYdvaAxFsd+dbs6QyAzMjBlRwZZJGoKCRudoGu78iGcHZ9v4JjFh8PqFI5RKE50MXupgqZhn5s+mncV4ED4BR62InyQMO+2lSV8XApXho3jZD2BZYaHL8BxzViM2AnSYU40nV5P\/9Zcawh1bVQjVPNsaeHWxMJc5P+uhgQ7yN5cDddbbbFops91CwGboz\/Y\/iUMqNL+Au752094lP9CLdBHTtF0nwGndsTr7PXV2am5lVFY+07I13Rnwh96VlnzAEErq6QUJMFpXVjoILKF75mfhkzufc5ww1btEyyIToFedBu8inrM2nSfVR4GSH1acVyxGJN\/xPMqMoz7qX11hSlDnDNA70XCXcPknSvGQJeC42YvRZuyBXR4bSZJpW3uxAIMisVpx8HuvqUlRDvWeTkl\/KlLkLPqVG6A7V9IJ4CzPp2LGxX0mxIii\/hq8qrdBvVjXBSMG2kFGd1Gk2CYKUDdUedzWwHbeA+x19\/Z8W9DscgX5Ingwo9qBoCIrSYVEyo5A+Bu6P2A6MYai8bIL3N1ixp0uHekzl1S5Y5ONHOtGVOFVnwRx49hvB6HPO9wc0rIJSIsq9YnBJNWgIZNFkCjlBnZHso+vfBKU6hgL+4B1v8gJk8\/+OinGcG00MXqyjoV0hIPvX8fcu6dH9TclFMmJS42m7WMCCPvMCk17qoAwiC5hrfwamrAiYI\/PEcMUUmJwNoLE7aKVZ7926CN5wXkVGlgQDYNSoxPqXoHqtbU6arZQtfgfxuD27lKKUbZm7keaLAlr7T5d0Wedi07GEwl0yp+Np4OWX5kU2Sgn3juSmnKnaCzCcLk2W4PsHrD6xcXA4Ni176mRo2kV4lUcSZ9ReNwImdlBbdKoXwKkzjV8Aa0hRPMOK2kTBCfB1GhE91TGa9BbzjtvK4JbGfzJcCXKDHd6qGUGMR+lTKBl2gIfVx9fr7SRFiR3Ky\/s="}
00694{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2962,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652778161,"flow_last_seen":1656652778161,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652778161,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2962,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1656652778161,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652778161,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPJe\/QAA\/BhQYCoQAF0ExRBmU6MOFszN1DQAAAACgAv\/\/UcYAAAIEBVAEAggKA1bisgAAAAABAwMI"}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2970,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1656652778372,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652778372,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2974,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1656652778421,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1656652778421,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="}
-01243{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2975,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161,"flow_last_seen":1656652778421,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652778421,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2977,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161,"flow_last_seen":1656652778641,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_msec":1656652778641,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01269{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2975,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161,"flow_last_seen":1656652778421,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652778421,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01314{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2977,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161,"flow_last_seen":1656652778641,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_msec":1656652778641,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
00694{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7468,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652831434,"flow_last_seen":1656652831434,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652831434,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7468,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1656652831434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652831434,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7491,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1656652831643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1656652831643,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7496,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1656652831673,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1656652831673,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="}
-01243{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7499,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434,"flow_last_seen":1656652831673,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652831673,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-01288{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7502,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434,"flow_last_seen":1656652831894,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_msec":1656652831894,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1802,"flow_dst_packets_processed":1169,"flow_first_seen":1656652731609,"flow_last_seen":1656652778381,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":1802,"flow_src_tot_l4_payload_len":2740999,"flow_dst_tot_l4_payload_len":23869,"midstream":1,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","breed":"Acceptable","category":"VPN"}}
-01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1826,"flow_dst_packets_processed":2699,"flow_first_seen":1656652778161,"flow_last_seen":1656652831683,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1505,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":76106,"flow_dst_tot_l4_payload_len":4310303,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
-01043{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":304,"flow_dst_packets_processed":342,"flow_first_seen":1656652831434,"flow_last_seen":1656652839654,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1391,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":56893,"flow_dst_tot_l4_payload_len":279549,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
+01269{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7499,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434,"flow_last_seen":1656652831673,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1656652831673,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+01314{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7502,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434,"flow_last_seen":1656652831894,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_msec":1656652831894,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
+00861{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1802,"flow_dst_packets_processed":1169,"flow_first_seen":1656652731609,"flow_last_seen":1656652778381,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":1802,"flow_src_tot_l4_payload_len":2740999,"flow_dst_tot_l4_payload_len":23869,"midstream":1,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
+01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1826,"flow_dst_packets_processed":2699,"flow_first_seen":1656652778161,"flow_last_seen":1656652831683,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1505,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":76106,"flow_dst_tot_l4_payload_len":4310303,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01089{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":304,"flow_dst_packets_processed":342,"flow_first_seen":1656652831434,"flow_last_seen":1656652839654,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1391,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":56893,"flow_dst_tot_l4_payload_len":279549,"midstream":0,"thread_ts_msec":1656652839654,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8142,"source":"ultrasurf.pcap","alias":"nDPId-test","packets-captured":8142,"packets-processed":8142,"total-skipped-flows":0,"total-l4-payload-len":7487719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1656652839654}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 8142/8142
@@ -29,9 +29,9 @@
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6250182 bytes
-~~ total memory freed........: 6250182 bytes
-~~ total allocations/frees...: 129034/129034
+~~ total memory allocated....: 6294289 bytes
+~~ total memory freed........: 6294289 bytes
+~~ total allocations/frees...: 129592/129592
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 465 chars
~~ json string max len.......: 3973 chars
Powered by cgit, Themed by Ted Yin.