Diffstat (limited to 'test/results/waze.pcap.out')
-rw-r--r--test/results/waze.pcap.out110
1 files changed, 55 insertions, 55 deletions
diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out
index 557cde20c..048681120 100644
--- a/test/results/waze.pcap.out
+++ b/test/results/waze.pcap.out
@@ -31,20 +31,20 @@
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1435587868996,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587868996,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1435587868998,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587868998,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869002,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"}
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00943{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869002,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1435587869054,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00936{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587869106,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00979{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1435587869107,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587869162,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587869162,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587869162,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1435587869163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1435587869163,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587869163,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1435587869165,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587869162,"flow_last_seen":1435587869166,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1435587869166,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00937{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
+01087{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587869425,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587869476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01341{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587869477,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1435587871459,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587871656,"flow_last_seen":1435587871656,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587871656,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1435587871656,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587871656,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1435587871657,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871657,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"}
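Review bot: Any consumer that matches on the human-readable `risk` text will silently stop matching these events, because the `-`/`+` pairs in this hunk show the label changing from `"Obsolete TLS Version (1.1 or older)"` to `"Obsolete TLS (v1.1 or older)"` and from `"Binary Application Transfer"` to `"Binary App Transfer"`. The numeric `flow_risk` keys (`"7"`, `"4"`), `severity` and `risk_score` are unchanged in the same records, so these expected results presumably reflect a pure relabel. Detection rules and dashboards should therefore key on the numeric id rather than the string. The same relabel appears in the hunks at `@@ -77,10 +77,10 @@` and `@@ -89,46 +89,46 @@`. The commit description would benefit from one line saying so, for example `flow_risk labels shortened; match on the numeric risk id, not the "risk" string`. The 5-digit length prefixes drop by 7 and 8 respectively, which matches the shortened labels, so the framing stays consistent.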
@@ -77,10 +77,10 @@
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W1AAEAGG84KCAABsCJnacdrAbsTBZAl7Ppv3FAQ\/\/\/FFwAA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoxDVAAEAGxaUKCAABNBFy25hiAbudWal9YqZWhFAQ\/\/9kwAAA"}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1435587871945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587871945,"pkt":"ABoRAAACABoRAAABCABFAAAoRGhAAEAG0cwKCAABNubjrLHqAFALhykw9HjW0VAQ\/\/\/Y\/AAA"}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872045,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872139,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872205,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587872289,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00800{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587872340,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00808{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871941,"flow_last_seen":1435587872341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1435587872341,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872476,"flow_last_seen":1435587872476,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872476,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -89,46 +89,46 @@
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1435587872478,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872478,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872479,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872515,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587872568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587872569,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587872702,"flow_last_seen":1435587872702,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587872702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1435587872702,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587872702,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1435587872704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872704,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1435587872705,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587872705,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1435587872706,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
-01242{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
-01243{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587873486,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873688,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01235{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"thread_ts_msec":1435587873741,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01236{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"thread_ts_msec":1435587874033,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878215,"flow_last_seen":1435587878215,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878215,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1435587878215,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878215,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1435587878217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1435587878217,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878217,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"}
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878444,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587878606,"flow_last_seen":1435587878606,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587878606,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1435587878606,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587878606,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1435587878608,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878608,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1435587878609,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587878609,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"}
-00999{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00992{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1435587878781,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01246{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587878832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587878901,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879018,"flow_last_seen":1435587879018,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879018,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1435587879018,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879018,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1435587879020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1435587879020,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879020,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"}
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879233,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879574,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587879850,"flow_last_seen":1435587879850,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587879850,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1435587879850,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587879850,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1435587879852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879852,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1435587879853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587879853,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"}
-01000{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
-00946{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00993{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587879855,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"thread_ts_msec":1435587879907,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00939{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587879958,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01247{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1435587880568,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587880576,"flow_last_seen":1435587880576,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587880576,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1435587880576,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1435587880576,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1435587880577,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587880577,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"}
@@ -169,20 +169,20 @@
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1435587894241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587894241,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1435587894244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1435587894244,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587894244,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"}
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587894323,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1435587894759,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587898822,"flow_last_seen":1435587898822,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587898822,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1435587898822,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587898822,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1435587898824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1435587898824,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587898824,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"}
-00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587898822,"flow_last_seen":1435587898874,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1435587898874,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587905035,"flow_last_seen":1435587905035,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1435587905035,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1435587905035,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1435587905035,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1435587905038,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905038,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1435587905039,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1435587905039,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"}
-00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-01096{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
-01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+00938{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1435587905111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+01089{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"thread_ts_msec":1435587905510,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+01343{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"thread_ts_msec":1435587905565,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
@@ -192,31 +192,31 @@
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"}}
-00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00920{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00917{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00918{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00910{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
00628{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00571{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
-00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
+00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00569{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
-00811{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
+00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00627{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
@@ -235,10 +235,10 @@
~~ total active/idle flows...: 33/33
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5221308 bytes
-~~ total memory freed........: 5221308 bytes
-~~ total allocations/frees...: 114088/114088
+~~ total memory allocated....: 5991989 bytes
+~~ total memory freed........: 5991989 bytes
+~~ total allocations/frees...: 118878/118878
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 452 chars
-~~ json string max len.......: 1355 chars
-~~ json string avg len.......: 903 chars
+~~ json string max len.......: 1348 chars
+~~ json string avg len.......: 900 chars