path: root/test/results/bad-dns-traffic.pcap.out
blob: 589180ebc5d9ab5d54574fac327042679004cd82 (plain)
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012623,"pkt_ts_usec":234684,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":242985,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325522,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325823,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR8\/FAAEARVKHAqCtbBAICBIx+ADUAPZ97lHsBAAABAAAAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":382053,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFjwlHuBgAABAAEAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSOTZiMjAxYTYyMTAxMGFjMzYy"}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1486012623234,"flow_last_seen":1486012624382,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":445,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":339317,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9NNAAEARU7\/AqCtbBAICBIx+ADUAPZVqopQBAAABAAAAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1486012623234,"flow_last_seen":1486012625339,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":498,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b11c01a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":434289,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFDmopSBgAABAAEAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSZTE0MDAxYTYyMTAxMGFjMzYy"}
00471{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":390267,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9a9AAEARUuPAqCtbBAICBIx+ADUAPeaXV2gBAAABAAAAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00517{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":493531,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA1jH4AXiCIV2iBgAABAAEAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSMGUzZDAxYTYyMTAxMGFjMzYywB8="}
00473{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012627,"pkt_ts_usec":398898,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9gVAAEARUo3AqCtbBAICBIx+ADUAPanQuVgBAAABAAAAAAAAEjc3MjMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012627,"pkt_ts_usec":473940,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1jH4AYJvzuViBgAABAAEAAAAAEjc3MjMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJkMDFiMDFhNjIxMDEwYWMzNjLAHw=="}
00608{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":443874,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"AhoR+f4q5LMYS\/DDCABFAAC09opAAEARUaXAqCtbBAICBIx+ADUAoBwVmRMBAAABAAAAAAAAPGI3M2YwMWE2MjFjMzYyMDEwYTU3NjU2YzYzNmY2ZDY1MjA3NDZmMjA2NDZlNzM2MzYxNzAyMTIwNTQ2ODg2NTIwNjY2YzYxNjcyMDY5NzMyMDYyNjU2YzZmNzcyYzIwNjg2MTc2NjUyMDY2NzU2ZTIxMjEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00656{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":521830,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5LMYS\/DDAhoR+f4qCABFAADXAABAADMRVQ0EAgIEwKgrWwA1jH4Awx2PmROBgAABAAEAAAAAPGI3M2YwMWE2MjFjMzYyMDEwYTU3NjU2YzYzNmY2ZDY1MjA3NDZmMjA2NDZlNzM2MzYxNzAyMTIwNTQ2ODg2NTIwNjY2YzYxNjcyMDY5NzMyMDYyNjU2YzZmNzcyYzIwNjg2MTc2NjUyMDY2NzU2ZTIxMjEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhZWIxMDFhNjIxMDEwYWMzOTPAgg=="}
00473{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":522162,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9pxAAEARUfbAqCtbBAICBIx+ADUAPTyE+j4BAAABAAAAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":571529,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1jH4AYCrM+j6BgAABAAEAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1NWE3MDFhNjIxMDEwYWMzOTPAHw=="}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012635,"pkt_ts_usec":73060,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012636,"pkt_ts_usec":79520,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012637,"pkt_ts_usec":85359,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012638,"pkt_ts_usec":93433,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/K5AAEARS77AqCtbBAICBNwiADUAY1PDy0gBAAABAAAAAAAAODQ2YjEwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00528{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":101974,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ZNAAEARStnAqCtbBAICBNwiADUAY\/RRFrgBAAABAAAAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAQ=="}
00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00567{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":174914,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"5LMYS\/DDAhoR+f4qCABFAACWAABAADMRVU4EAgIEwKgrWwA13CIAgtZjFriBgAABAAEAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAcAMABAAAQAAADwAExI2ZTE3MDBmZGY1NDE3ZDAwMDA="}
00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":175147,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/aBAAEARSvLAqCtbBAICBNwiADUAPVKHMO0BAAABAAAAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00522{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":238003,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYAA+MO2BgAABAAEAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJjZWZiMDFmZGY1NDE3ZDI1MzLAHw=="}
00473{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012640,"pkt_ts_usec":199072,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/oFAAEARShHAqCtbBAICBNwiADUAPZ+EE+4BAAABAAAAAAAAEjM4OGUwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00474{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012641,"pkt_ts_usec":205738,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/3pAAEARSRjAqCtbBAICBNwiADUAPRScyK4BAAABAAAAAAAAEjA4YzAwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00515{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012641,"pkt_ts_usec":318910,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA13CIAXMSoyK6BgAABAAEAAAAAEjA4YzAwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSYjQyZTAxZmRmNTQxN2QyNTMy"}
00474{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012642,"pkt_ts_usec":224493,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/69AAEARSOPAqCtbBAICBNwiADUAPWEvi0IBAAABAAAAAAAAEjUwNzQwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00519{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012642,"pkt_ts_usec":281373,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA13CIAXlbsi0KBgAABAAEAAAAAEjUwNzQwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSYWM2YjAxZmRmNTQxN2QyNTMywB8="}
00473{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":238555,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRAC9AAEARSGTAqCtbBAICBNwiADUAPaQHCm0BAAABAAAAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":293987,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYLAaCm2BgAABAAEAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChIyOTkyMDFmZGY1NDE3ZDI1MzLAHw=="}
00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":177697,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00573{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381593,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381905,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00523{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":437815,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYGtAeT+BgAABAAEAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1YzRmMDFlNmRhNmVhMjgzNTHAHw=="}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1486012730177,"flow_last_seen":1486012730437,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":395086,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL1lAAEARGTrAqCtbBAICBLdxADUAPbE6V7kBAAABAAAAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1486012730177,"flow_last_seen":1486012731395,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00515{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":485911,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXCh8V7mBgAABAAEAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSYzQ5MzAxZTZkYTZlYTI4MzUx"}
00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1486012730177,"flow_last_seen":1486012731485,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00736{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":414191,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"AhoR+f4q5LMYS\/DDCABFAAEUL4lAAEARGEfAqCtbBAICBLdxADUBAJjrdSEBAAABAAAAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00780{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501587,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"5LMYS\/DDAhoR+f4qCABFAAE1AABAADMRVK8EAgIEwKgrWwA1t3EBIdVsdSGBgAABAAEAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSOWIxZjAxZTZkYTZlYTI4M2IxwOI="}
00511{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501994,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AhoR+f4q5LMYS\/DDCABFAABtL5BAAEARGOfAqCtbBAICBLdxADUAWY4gBY0BAAABAAAAAAAALjY0NWIwMWU2ZGE4M2IxNmVhMjY3NmY2ZjY0MjA2Yzc1NjM2YjJlMjAzYTI5MGEMc2t1bGxzZWNsYWJzA29yZwAAEAAB"}
00557{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":559040,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"5LMYS\/DDAhoR+f4qCABFAACMAABAADMRVVgEAgIEwKgrWwA1t3EAeLH5BY2BgAABAAEAAAAALjY0NWIwMWU2ZGE4M2IxNmVhMjY3NmY2ZjY0MjA2Yzc1NjM2YjJlMjAzYTI5MGEMc2t1bGxzZWNsYWJzA29yZwAAEAABwAwAEAABAAAAPAATEmFkYTYwMWU2ZGE2ZWEyODNiZg=="}
00474{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":559413,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL5NAAEARGQDAqCtbBAICBLdxADUAPXWyLhQBAAABAAAAAAAAEjMzN2EwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
00516{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":620037,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXPaPLhSBgAABAAEAAAAAEjMzN2EwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSMjEzZTAxZTZkYTZlYTI4M2Jm"}
00474{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":574897,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRMElAAEARGErAqCtbBAICBLdxADUAPeYHvL4BAAABAAAAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00524{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":669835,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYDm3vL6BgAABAAEAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhOGRkMDFlNmRhNmVhMjgzYmbAHw=="}
00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test"}