00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1626168074745}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074745,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168074745,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074745,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074926,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":394,"midstream":1,"thread_ts_msec":1626168074926,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168074926,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB\/6QAAAQEICj3R7oXM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074928,"pkt":"8BiYFWV8WNVuaKQACABFAAAohXJAAGYGg2s0lRU8wKgBeQG7zgq3lUsrK5STgFAQCAUKQgAA"}
01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1626168075218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_msec":1626168075218,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB+xwAAAQEICj3R76fM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1626168075586,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168075586,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626168075664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168075664,"pkt":"WNVuaKQA8BiYFWV8CABFAABI5dsAAEARwpjAqAF5CAgICMwbADUANLpX5f8BAAABAAAAAAAAAzEyMQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075664,"flow_last_seen":1626168075664,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168075664,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"121.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1626168075665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABHYLwAAEARR7nAqAF5CAgICMwbADUAM5mdqksBAAABAAAAAAAAAjYwAjIxAzE0OQI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1626168075665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168075665,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJLIAAEARg8LAqAF5CAgICMwbADUANFbmSGkBAAABAAAAAAAAAzEzOQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168075664,"flow_last_seen":1626168075665,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075665,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168075664,"flow_last_seen":1626168075675,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168075675,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"139.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00803{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1626168075664,"flow_last_seen":1626168075681,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1626168075681,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"60.21.149.52.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1626168075993,"pkt":"AQBeAAD76qnehSPOCABFAAB0G+EAAP8R\/GjAqAGL4AAA+xTpFOkAYH4FAAAAAAACAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEAACkFoAAAEZQAEgAEAA4Aumq\/a01YO+qp3oUjzg=="}
00702{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1626168075993,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"thread_ts_msec":1626168075993,"pkt":"MzMAAAD76qnehSPOht1gCggAAGAR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QBgoIcAAAAAAAIAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168075993,"flow_last_seen":1626168075993,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1626168075993,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00910{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1626168076015,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1626168076015,"pkt":"6qnehSPO8BiYFWV8CABFAAFxqZwAAP8RjIrAqAF5wKgBixTpFOkBXfEmAACEAAAAAAEAAAAFD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUAAgFTUJQcm\/ADMAyACGAAQAAAHgADgAAAADN8QVNQlByb8AhwDIAEIABAAARlAB3EXJwSE49ZWYzZjBmMDE0OThlDHJwRmw9MHgyMDAwMApycFZyPTIxMC40EXJwSEE9NjM4Y2VmMTVmYTJiEXJwQUQ9YzJlYTRjNWFjZmVlEXJwSEk9MmRiM2M5NTVjZDgyFnJwQkE9NTM6REQ6Qjk6MDY6QjU6MDAFTUJQcm8MX2RldmljZS1pbmZvwBwAEAABAAARlAAzFG1vZGVsPU1hY0Jvb2tQcm8xNCwxCm9zeHZlcnM9MjASZWNvbG9yPTIyNSwyMjUsMjIzwEwAHIABAAAAeAAQ\/oAAAAAAAAAIKbjnNzdtvsBMAAGAAQAAAHgABMCoAXk="}
00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168076015,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1626168076607,"pkt":"AQBeAAAC6qnehSPOCABGAAAgeZkAAAECCQnAqAGL4AAAApQEAAAXAAgE4AAA+w=="}
00612{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1626168076607,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1626168076607,"pkt":"AQBeAAD76qnehSPOCABGAAAgaRwAAAECGI3AqAGL4AAA+5QEAAAWAAkE4AAA+w=="}
00614{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168076607,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1626168077017,"pkt":"AQBeAAD76qnehSPOCABFAACI8IoAAP8RJ6vAqAGL4AAA+xTpFOkAdC8RAAAAAAACAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAHADAAMAAEAABGUAAgFTUJQcm\/ADAAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1626168077017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":170,"pkt_l4_len":116,"thread_ts_msec":1626168077017,"pkt":"MzMAAAD76qnehSPOht1gCggAAHQR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QB0UZMAAAAAAAIAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAcAMAAwAAQAAEZQACAVNQlByb8AMAAApBaAAABGUABIABAAOALpqv2tNWDvqqd6FI84="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1626168077413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077413,"pkt":"WNVuaKQA8BiYFWV8CABFAABAe7EAAEARLMvAqAF5CAgICNkPADUALCfrXeUBAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQAB"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077413,"flow_last_seen":1626168077413,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077413,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1626168077415,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077415,"pkt":"WNVuaKQA8BiYFWV8CABFAABA7DEAAEARvErAqAF5CAgICNJ8ADUALMmVww0BAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQAB"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077415,"flow_last_seen":1626168077415,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1626168077415,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1626168077439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1626168077439,"pkt":"8BiYFWV8WNVuaKQACABFAAC9hRIAAHgR6uwICAgIwKgBeQA10nwAqSezww2BgAABAAMAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAANmgAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAARUANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTItZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8BbAAEAAQAAAAQABChxCi8="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168077439,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.113.10.47"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1626168077441,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_msec":1626168077441,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="}
00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077441,"flow_last_seen":1626168077441,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168077441,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077469,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077469,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1626168077469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077469,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1626168077486,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1626168077486,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168077486,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"wdcp.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077506,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077506,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1626168077506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077506,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"}
00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1626168077507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1626168077507,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="}
00836{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168077507,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"},"dns": {"query":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077517,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077517,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"}
00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077469,"flow_last_seen":1626168077517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077517,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168077557,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"}
00931{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077506,"flow_last_seen":1626168077557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168077557,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077469,"flow_last_seen":1626168077565,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077565,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1626168077590,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1626168077590,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/el4AAEARLh\/AqAF5CAgICOMxADUAK47tCy8BAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077590,"flow_last_seen":1626168077590,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1626168077590,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1626168077604,"pkt":"8BiYFWV8WNVuaKQACABFAAETO6UAAHgRNAQICAgIwKgBeQA1yKQA\/zFnycWBgAABAAMAAQAAA3d3dwltaWNyb3NvZnQDY29tAABBAAHADAAFAAEAAAelACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAHAANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAZABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKgABgABAAAAMgAxBm4wZHNjYsCtCmhvc3RtYXN0ZXIGYWthbWFpwBpg7VdYAAAD6AAAA+gAAAPoAAAHCA=="}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIwDAAAEAR6EPAqAF5CAgICNkaADUANI8rXZMBAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAE="}
00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1626168077604,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168077604,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077604,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1626168077604,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168077506,"flow_last_seen":1626168077607,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168077607,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1626168077619,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_msec":1626168077619,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168077619,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077620,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077620,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1626168077620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077620,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1626168077622,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1626168077622,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168077622,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"www.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077632,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077632,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"}
00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077620,"flow_last_seen":1626168077632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077632,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1626168077633,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1626168077633,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"}
00807{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168077633,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"e13678.dscb.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.22.33.235"}}
01007{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077620,"flow_last_seen":1626168077654,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077660,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168077660,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1626168077660,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168077660,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1626168077670,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1626168077670,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077670,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"}
00836{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077660,"flow_last_seen":1626168077671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1626168077671,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Cloud"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}
01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1626168077660,"flow_last_seen":1626168077691,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1649,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1626168077691,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"},"http": {"hostname":"www.microsoft.com","url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077734,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168077734,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1626168077734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077734,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1626168077735,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1626168077735,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077735,"flow_last_seen":1626168077735,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1626168077735,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1626168077749,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_msec":1626168077749,"pkt":"8BiYFWV8WNVuaKQACABFAACzStAAAHkRJDkICAgIwKgBeQA1\/r0An7qJTnCBgAABAAYAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAHADAAFAAEAAAR8ABUIdGltZS1vc3gBZwdhYXBsaW1nwB3AMgABAAEAAANFAAQR\/Tb7wDIAAQABAAADRQAEEf1s\/cAyAAEAAQAAA0UABBH9bH3AMgABAAEAAANFAAQR\/TZ7wDIAAQABAAADRQAEEf02fQ=="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168077749,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"time-macos.apple.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.54.251"}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1626168077750,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077750,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00693{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168077750,"flow_last_seen":1626168077750,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168077750,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1626168077780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168077780,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168077848,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1626168078653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1626168078653,"pkt":"WNVuaKQA8BiYFWV8CABFAABGLVcAAEARex\/AqAF5CAgICMseADUAMgvmotEBAAABAAAAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAAB"}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078653,"flow_last_seen":1626168078653,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1626168078653,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1626168078654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1626168078654,"pkt":"WNVuaKQA8BiYFWV8CABFAABITn4AAEARWfbAqAF5CAgICMseADUANKzYlN8BAAABAAAAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAE="}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168078653,"flow_last_seen":1626168078654,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1626168078654,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"26.113.82.140.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwqa9bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2oqpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="}
01667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168078673,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"thread_ts_msec":1626168078673,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC0AbvnBlzSyo5yyVAQEADxegAAFwMDCRUAAAAAAAAA26eDpJKN0BUxQmpzIi5g3ucuMMDrMgecHX\/CXiINnB6nf8RfrEh6QYh8SapIE51Wk64JXAUrOVrpUS79nUGqzqypD0Bb3GpnKslW+hVNJEAhzXjXlIms0Mdvn6rZf1ZDryhGsMaJdsIsDeqTE7cSjb\/AwDHg30Dyx\/033m2orYnQp+ZJ5N9NWzfNjr1H+vEJ2aGglmYbAeu\/eTtxNNfcP8qqdaUykL6lGIGhgLgYGMo5CMVqPKpBBKbvbUNBzJadRi9LHo18AgSCwBMZ6bHVYJDpuFL7e4MT+bXzL18TYFQOTCQfRi5j7DT1as0nLD6cQ0jKomb4NNz1M1ClcV55CitfGm0nMZU3GHOq9xlAFFOdfaUNUR+\/9UjqZ44ylRWAqJ6YHxWCQdtqMTvizXKZS4+o82xV4TJVbLkhSRuiz2uTEwwVxekQB2DDmh3GiR9Ye6GPUgczN\/oCVDwpIkKENeQcP\/6Pokh8HMAvZ2RSwo+VUg00wRguVh\/w3achjv22jf5I9GRZwEow5WUpfCf8lVnHG9wLFCzsLG1I8WMaT0TDTKmn7QoYLtSk2V04tAybQOMHVVI0hNhlfUXhSh+SCshPM17AY0UkKtRYcOa2eStGarsU2t5cfO840a2F+oCsIGDj3tvdR13INFmb7pHkKy+Q2V+4uyAMl+Ox8g+B18vuMUBFtZgxt4DO0uuOzFmplvXLtxD3fbrKuxl\/6k\/eCJsGdMUgzkQC\/tUwe4V3D4jZHwwQSFFI+17aKc3J7x1BEo6ekzNTJS1+B4LNLTfv+T0lK8gzRlr5u7\/zaM8tfLPPN37K2o1mRMRjA5iIukpvT8U5wOf5x\/TVVVdMA8FAaqdY6hLNRSvAFVtu5XaBHOcfP3sb1XSB1z4GRcUCgiJxv+lQFekTDU9BS5oGQCQcC+WphKRrfjCRy8ZZhWK9J\/fFGeUgxNdNGEWCyhtCDvzCtVbUxSi2WZ66rDdU3aSKcEOMnDfpPuQ3aNkoqkdkwbdMewaWAPifWpjrrxg90ieLTE7FgbcxFjvhr5lFLSoRBF\/iPJs6lHTLDkWB5y15f1r\/8ZLDb4IhW9FIX\/CLiZ6rpS0mHTHUE9vn\/9hAsmx46xOm3J34VvMgqFYNluvzn3dUGnNnv4rW9ETLU5nx9MjAInMLEQZjDDkNtlaMy4FrKcYLZYQdYzERpfoBvKuaTJfKsWfO7jgAn1v6gbrSWphH3cXzQjxw802J0V4QeazmBVGA0E6lG79pCNEO0uh2dgwktSmtwiCBclBc5tjf6nl4O1l4nqizShQRxCCIPprqlc5ewvpot0KzGllydHXYVwvl3NqOGVnDVbcYW6rsr9cNQcgn1WFKVBGaaHM+XgnvZNhqKSKSS\/JwnHZ96JaxzHCfl4G5C2cceJe1cA34Dat1FKEtweJ9xvHyrHpcm5q9Vkp7cv2o7Ygb+hipT+4C1cSkXBVesDC0+tvSXpCsG73FkouarVtpL+0PQKkzAR1yJgDVrUYv9JCem0QTLOVmTHZ+lN3HGmtyIJYoBu1J4ll241iHn4yj6vQ701Nb8mVXZ6EpF\/5V+Ojw4OShpQ9K4JNfmRah1H4u1+tm5sdLnJXJCnxd1z1bP35y0tiPSMOaFD7D36ftgNesfeblmbdO3QvYo5sZjH2g\/rkgDvWctEdVPFefeneKNa6YJtDm2B1tmPiPBA9Oq0w39UHoupp7PhIxW8KMg8k6pOGMjzQ6Lk23qZ2phXBaaIaaOL394fc7c7DxLl8DqdGBlLveqkkwCREFnxvKjAePN1cC1XOtq0lnaYt1kQ27UguJ0fER9DAfYowgtFCNAKFVeNA3gSi1AQ+OtFaANU7+ThFzU9jKVufQm+9414vvr6INHdHhMJCKTXzk4z8zZd0u+NZ05MVhtrOOr5TlUY0TGx+kJE8="}
01656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1626168078673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_msec":1626168078673,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC0AbvnBmJ6yo5yyVAYEADQ3AAA8smVcb3q7jInDMp6iu2tmr5Z01S6ktfb24g2DVivJvFFx18svOuqK0sgnY23ZGcWDPabxfRHCA4+gQkog41eD9Q+jY8o9PdPxSEJPwKKiq97+swgykYZPYYGmASILHqMJuZfByhEv3xViLnOQSEMlZhcFWZRFTusxMYced9WKWA0fc6Tz6HTt2Slu4vTvwt52pLlywDQ+moDsDqD4uzlqRKVGfUL\/ch1qgzh1ik3fV6dkbtg2JStfj9+0gWhw\/1tpp41Yq3ViTYYlVWsBAlK9383UtTU6832bkiivRikzvg6xlr6cUoD8pfbv255mX4wGzTGlmpvD4zQbPqZWm+dyGHA4KTjyuOM3iUOXvN2EIc4hSFWRtZSWhTg95jPk2WAmsedaTcdmQKZ2viJIrwprKiA8pqElIbad4UayJEEQ2rLEHe+6Rkn7weFiJ9Cf4UMQ6av+K70+Y96itdD4PDv0OKsC6tZfU\/tfc4I3DNLWON4dS6I+6zur216gRLFptPxg8nJaKRiptY9M7sohpWI5akHqMg98N8hf2hc0wH9zfT\/L5fz7Z9CQdyywynd2mPmUEW9OWFeYn4wEC\/gdxA80M9Zzf7uv0KAn+8LelSJkvdI3pBiv4FC333GGWS6fic1Zy4pYfk+L8GFZinANnaiXdJr7xAtMQ1GYOBWAHKoH+GJ8tU2xACRvM36EvIAH0I2RrIzXjHRnEOXkSC+CLSu8xyz6ePYQHWJqTeOV24udwyFiAkzDPh7H2SHxmU7LHZwkam8rX9zgmZLxdYHlhAD2yJRjuwO6msg2yZjsqwSwxdSZJhRunBsHb4p7DEvQLMPjpsbatjtgVN9T+qsCyHCJEkFmMU3QsxkCGtossZlWOQrLODqkaHoKbAV0ZeWnv1dwukSAWvNXFgALrC\/LDs9Yk\/0HHogbwj5gGNEDtJS+nkfi7bA8yoN5eCDO2Vffn4zk+ciDVKaCLhgHHzVMIfIKVrI1fMzRQLNYRDWjxKcqdipYwYp0PAI+b3Yx\/DzTVijfHkaedZRCvCw9VPw+QLgF0VkIyTaHhWJgvUO1Zj1YHqbkkNGKFdwVWPQGrGrq1LqA0g1BITMzZ35AcyWNuoGr66LZrtpjF+wDWVoz964kvXYU00tfXiJSAYozGe62YqD95apGcA76\/XZl5+SMB+fuqPf"}
02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7XosUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="}
02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1626168078674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1626168078674,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="}
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1626168078676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1626168078676,"pkt":"8BiYFWV8WNVuaKQACABFAACFmUUAAHgR1vEICAgIwKgBeQA1yx4AcZEiotGBgAABAAEAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAABwAwADAABAABT5QAzDGEyLTIyLTMzLTIzNQZkZXBsb3kGc3RhdGljEmFrYW1haXRlY2hub2xvZ2llcwNjb20A"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1626168078653,"flow_last_seen":1626168078676,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1626168078676,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"235.33.22.2.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11827,"flow_avg_l4_payload_len":369,"midstream":1,"thread_ts_msec":1626168078741,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00676{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1626168078673,"flow_last_seen":1626168078815,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12751,"flow_avg_l4_payload_len":398,"midstream":1,"thread_ts_msec":1626168078815,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079158,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079158,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1626168079158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079158,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079191,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079191,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1626168079191,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079191,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1626168079206,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079206,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079207,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079158,"flow_last_seen":1626168079207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079207,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079243,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079243,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079191,"flow_last_seen":1626168079243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079243,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079158,"flow_last_seen":1626168079255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168079255,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1626168079191,"flow_last_seen":1626168079297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1626168079297,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1626168079361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079361,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079361,"flow_last_seen":1626168079361,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168079361,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1626168079391,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168079391,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079905,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1626168079905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079905,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168079937,"flow_last_seen":1626168079937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168079937,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1626168079937,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168079937,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079957,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079957,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079905,"flow_last_seen":1626168079957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079957,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168079986,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168079986,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168079937,"flow_last_seen":1626168079986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168079986,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1626168079905,"flow_last_seen":1626168080007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1626168080007,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168079937,"flow_last_seen":1626168080036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080036,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1626168080092,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080092,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080092,"flow_last_seen":1626168080092,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080092,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1626168080122,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080122,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080539,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080539,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1626168080539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080539,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080569,"flow_last_seen":1626168080569,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1626168080569,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1626168080569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1626168080569,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080587,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080587,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080539,"flow_last_seen":1626168080587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080587,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168080617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168080617,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"}
00932{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168080569,"flow_last_seen":1626168080617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1626168080617,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080539,"flow_last_seen":1626168080639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080639,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
01414{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1626168080569,"flow_last_seen":1626168080666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":625,"midstream":0,"thread_ts_msec":1626168080666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wdcp.microsoft.com","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3":"656b9a2f4de6ed4909e157482860ab3d","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1626168080732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080732,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168080732,"flow_last_seen":1626168080732,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168080732,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1626168080762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1626168080762,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168081935,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1626168081935,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1626168081935,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1626168081935,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1626168081936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1626168081936,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077441,"flow_last_seen":1626168077507,"flow_idle_time":180000,"flow_min_l4_payload_len":73,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Azure","breed":"Acceptable","category":"Cloud"}}
00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076607,"flow_last_seen":1626168076607,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077620,"flow_last_seen":1626168077673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2155,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077660,"flow_last_seen":1626168077704,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":2392,"flow_avg_l4_payload_len":217,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.Microsoft","breed":"Safe","category":"Download"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077604,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077413,"flow_last_seen":1626168077486,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077619,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168079361,"flow_last_seen":1626168079391,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626168076015,"flow_last_seen":1626168076015,"flow_idle_time":180000,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077415,"flow_last_seen":1626168077439,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1626168078653,"flow_last_seen":1626168079674,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077590,"flow_last_seen":1626168077622,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080732,"flow_last_seen":1626168080762,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168080092,"flow_last_seen":1626168080122,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1626168075664,"flow_last_seen":1626168076674,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":1180,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1626168078673,"flow_last_seen":1626168079052,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29308,"flow_avg_l4_payload_len":407,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1626168078673,"flow_last_seen":1626168078826,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17628,"flow_avg_l4_payload_len":326,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168074745,"flow_last_seen":1626168074928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077604,"flow_last_seen":1626168077633,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168077469,"flow_last_seen":1626168077750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168077506,"flow_last_seen":1626168077753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079158,"flow_last_seen":1626168079311,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079191,"flow_last_seen":1626168079355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1626168079905,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":364,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168079937,"flow_last_seen":1626168080098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080539,"flow_last_seen":1626168080694,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00702{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1626168080569,"flow_last_seen":1626168080730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4378,"flow_avg_l4_payload_len":398,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077750,"flow_last_seen":1626168077780,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00675{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168081935,"flow_last_seen":1626168081946,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00608{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1626168075993,"flow_last_seen":1626168077017,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00598{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626168077734,"flow_last_seen":1626168077848,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":7,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":95708,"total-not-detected-flows":1,"total-guessed-flows":5,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_msec":1626168081946}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 315/315
~~ skipped flows.............: 0
~~ total layer4 data length..: 95708 bytes
~~ total detected protocols..: 31
~~ total active/idle flows...: 35/35
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 5251476 bytes
~~ total memory freed........: 5251476 bytes
~~ total allocations/frees...: 113845/113845
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 461 chars
~~ json string max len.......: 2445 chars
~~ json string avg len.......: 1453 chars