1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656230932729365}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230932729365,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230932729365,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230932996308,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230932996308,"pkt":"ABoRAAACABoRAAABCABFAAA8oR5AAEAGmtoKCAABn4pVMKVoFGctlswbAAAAAKAC\/\/8oEgAAAgQFtAQCCAoAo20FAAAAAAEDAwg="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932998884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230932998884,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGbAufilUwCggAARRnpWjSaTPkLZbMHFAS\/\/\/3PgAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1656230932998966,"flow_dst_last_pkt_time":1656230932998884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230932998966,"pkt":"ABoRAAACABoRAAABCABFAAAooR9AAEAGmu0KCAABn4pVMKVoFGctlswc0mkz5VAQ\/\/\/3PwAA"}
00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1656230933100033,"flow_dst_last_pkt_time":1656230932998884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1656230933100033,"pkt":"ABoRAAACABoRAAABCABFAABtoSBAAEAGmqcKCAABn4pVMKVoFGctlswc0mkz5VAY\/\/9YrAAAJQBFFAT\/was32KlJxON2xSCJ9N6wnfb6l7qzZPr5iQc97RwrBdtMqOkQ\/9mL8viwXQjnqb8X7Z\/cCnAmUPmuRl4x12M4"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656230933100033,"flow_dst_last_pkt_time":1656230933100320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230933100320,"pkt":"ABoRAAACABoRAAABCABFAAAoAANAABAGbAqfilUwCggAARRnpWjSaTPlLZbMYVAQ\/\/\/2+gAA"}
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230933222761,"flow_dst_last_pkt_time":1656230933316560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1656230933316560,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934073116,"flow_dst_last_pkt_time":1656230934073116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230934073116,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656230934073116,"flow_dst_last_pkt_time":1656230934073116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230934073116,"pkt":"ABoRAAACABoRAAABCABFAAA8zCNAAEAGtn8KCAABnfAQIJ0WAbspbaIxAAAAAKAC\/\/+2wAAAAgQFtAQCCAoAo24SAAAAAAEDAwg="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656230934073116,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934076154,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGsrCd8BAgCggAAQG7nRbWkl3OKW2iMlAS\/\/9Y5wAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656230934076232,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934076232,"pkt":"ABoRAAACABoRAAABCABFAAAozCRAAEAGtpIKCAABnfAQIJ0WAbspbaIy1pJdz1AQ\/\/9Y6AAA"}
01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1656230934082073,"pkt":"ABoRAAACABoRAAABCABFAAG+zCVAAEAGtPsKCAABnfAQIJ0WAbspbaIy1pJdz1AY\/\/\/tmQAAFgMBAZEBAAGNAwPstd6ZfDEq67StOOayp6oI0yRJl3Pj1rlxAPwX8sKCOCB8KpZ1DHiKwkVZtmEaFeU9dMQerRLZGYPmD+Q8xRxFywACEwEBAAFCAA0ABAACBAMACgAEAAIAFwAtAAIBAQArAAUEAwT7GgAyAAQAAgQDAAAAGwAZAAAWbXF0dC1taW5pLmZhY2Vib29rLmNvbQAzAEcARQAXAEEEgdPCnJtbjcCWk9MTifK3ufutgShnmxxZR7gmyVsf\/kMsCPFx8okn2kbXp6bDp6QBFLB5cOsESfjzhbQxjdJwlwApAK0AiACCbJHFIGZGvJ4n8wMXH9X9nAtmB0QWpH9ZsA80difHqagAAAAAUIUIqklrRvaEgiU+Fr6jdbdb+rna\/e0lx4bxP513qW9kmpNxoYnv9HDlDkORgv1\/3c\/tscu8VUnIALcsBju\/hW5psYR6aE+dMGIuJPq9G+zDccawxJypZFKWGgTLcZ5KdUoAISBUGf15FkIdy4M8WdLwtoD9utZ56Nx\/M\/HgL3QcebgbXg=="}
01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934076154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230934082073,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934082254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934082254,"pkt":"ABoRAAACABoRAAABCABFAAAoAAhAABAGsq+d8BAgCggAAQG7nRbWkl3PKW2jyFAQ\/\/9XUgAA"}
01341{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934082073,"flow_dst_last_pkt_time":1656230934194130,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":406,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":406,"flow_dst_tot_l4_payload_len":236,"midstream":0,"thread_ts_usec":1656230934194130,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3":"159db30fc8fac7fb58bcaeee8785a687","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}}
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230934714151,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230934714151,"pkt":"ABoRAAACABoRAAABCABFAAA0ZaRAAEAGp6UKnoZd2DrERJ4GAbvZsETuj7TO0IARAXlU+gAAAQEICgCjbrOWos\/v"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714381,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934714381,"pkt":"ABoRAAACABoRAAABCABFAAAoAA1AABAGPUnYOsRECp6GXQG7ngaPtM7Q2bBE71AQ\/\/9lcwAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1656230934714151,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934714509,"pkt":"ABoRAAACABoRAAABCABFAAAoAA5AABAGPUjYOsRECp6GXQG7ngaPtM7Q2bBE71AR\/\/9lcgAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230934714523,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGDVYKnoZd2DrERJ4GAbvZsETvAAAAAFAEAADEBAAA"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939663767,"flow_dst_last_pkt_time":1656230939663767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939663767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939663767,"flow_dst_last_pkt_time":1656230939663767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939663767,"pkt":"ABoRAAACABoRAAABCABFAAA8PDFAAEAGXIYKCAABaBIv6rImAbu8t0+5AAAAAKAC\/\/9xfAAAAgQFtAQCCAoAo3OIAAAAAAEDAwg="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939663767,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939665324,"pkt":"ABoRAAACABoRAAABCABFAAAoABFAABAGyLpoEi\/qCggAAQG7siZDSLBGvLdPulAS\/\/9Z6wAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939665357,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939665357,"pkt":"ABoRAAACABoRAAABCABFAAAoPDJAAEAGXJkKCAABaBIv6rImAbu8t0+6Q0iwR1AQ\/\/9Z7AAA"}
00789{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1656230939667804,"pkt":"ABoRAAACABoRAAABCABFAADiPDNAAEAGW94KCAABaBIv6rImAbu8t0+6Q0iwR1AY\/\/\/StAAAFgMBALUBAACxAwPVyRGpDqR4oXgYViJht\/LcFTYuQb0AYmLUaYESd5Yh8AAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAHD\/AQABAAAAAB0AGwAAGGFwaS5jbG91ZGZsYXJlY2xpZW50LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939665324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939667804,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939667928,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939667928,"pkt":"ABoRAAACABoRAAABCABFAAAoABJAABAGyLloEi\/qCggAAQG7siZDSLBHvLdQdFAQ\/\/9ZMgAA"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939671699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939671699,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939671699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939671699,"pkt":"ABoRAAACABoRAAABCABFAAA83IJAAEAGvDQKCAABaBIv6rIqAbsuP68IAAAAAKAC\/\/+gnwAAAgQFtAQCCAoAo3OKAAAAAAEDAwg="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939671699,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939672582,"pkt":"ABoRAAACABoRAAABCABFAAAoABNAABAGyLhoEi\/qCggAAQG7sirRwFD3Lj+vCVAS\/\/9Z5wAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939672616,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939672616,"pkt":"ABoRAAACABoRAAABCABFAAAo3INAAEAGvEcKCAABaBIv6rIqAbsuP68J0cBQ+FAQ\/\/9Z6AAA"}
00788{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"thread_ts_usec":1656230939673366,"pkt":"ABoRAAACABoRAAABCABFAADi3IRAAEAGu4wKCAABaBIv6rIqAbsuP68J0cBQ+FAY\/\/8FKwAAFgMBALUBAACxAwNmxOOfx0bP\/3oP9IQ+gPtZVU6mOq3fhYCsfwT8M6fLDAAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAHD\/AQABAAAAAB0AGwAAGGFwaS5jbG91ZGZsYXJlY2xpZW50LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939672582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939673366,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939673469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939673469,"pkt":"ABoRAAACABoRAAABCABFAAAoABRAABAGyLdoEi\/qCggAAQG7sirRwFD4Lj+vw1AQ\/\/9ZLgAA"}
01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939667804,"flow_dst_last_pkt_time":1656230939742468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939742468,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939763960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939763960,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939763960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939763960,"pkt":"ABoRAAACABoRAAABCABFAAA8inNAAEAGX6IKCAABjvq3o8hgAbvanPnSAAAAAKAC\/\/\/kiAAAAgQFtAQCCAoAo3OhAAAAAAEDAwg="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939763960,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939765172,"pkt":"ABoRAAACABoRAAABCABFAAAoABZAABAGGhSO+rejCggAAQG7yGAlYwYt2pz501AS\/\/+VDwAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939765213,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939765213,"pkt":"ABoRAAACABoRAAABCABFAAAoinRAAEAGX7UKCAABjvq3o8hgAbvanPnTJWMGLlAQ\/\/+VEAAA"}
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1656230939766415,"pkt":"ABoRAAACABoRAAABCABFAADyinVAAEAGXuoKCAABjvq3o8hgAbvanPnTJWMGLlAY\/\/9axQAAFgMBAMUBAADBAwPtpRoylcoxhyzmXxvjZsZMNdLRYAKuwrX8tJKz4HG3wQAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB8\/wEAAQAAAAApACcAACRjcmFzaGx5dGljc3JlcG9ydHMtcGEuZ29vZ2xlYXBpcy5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939765172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939766415,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"crashlyticsreports-pa.googleapis.com","tls": {"version":"TLSv1.2","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939766552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939766552,"pkt":"ABoRAAACABoRAAABCABFAAAoABdAABAGGhOO+rejCggAAQG7yGAlYwYu2pz6nVAQ\/\/+URgAA"}
01542{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939673366,"flow_dst_last_pkt_time":1656230939767159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":2800,"midstream":0,"thread_ts_usec":1656230939767159,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.CloudflareWarp","proto_id":"91.300","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.cloudflareclient.com","tls": {"version":"TLSv1.2","server_names":"cloudflareclient.com,*.cloudflareclient.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=cloudflareclient.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E6:54:3B:82:07:1E:29:C4:57:8C:B4:9E:64:38:11:38:9B:FC:66:98"}}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230939817793,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939817793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939817793,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939817793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656230939817793,"pkt":"ABoRAAACABoRAAABCABFAAA816BAAEAG6XwKCAABrNnCvKpQFGzl+aQLAAAAAKAC\/\/8RUAAAAgQFtAQCCAoAo3OrAAAAAAEDAwg="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1656230939817793,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818817,"pkt":"ABoRAAACABoRAAABCABFAAAoABtAABAG8Ras2cK8CggAARRsqlAaBlv05fmkDFAS\/\/93dgAA"}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1656230939818992,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1656230939818992,"pkt":"ABoRAAACABoRAAABCABFAAAo16FAAEAG6Y8KCAABrNnCvKpQFGzl+aQMGgZb9VAQ\/\/93dwAA"}
00936{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1656230939817793,"flow_src_last_pkt_time":1656230939818992,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"Google","proto_id":"126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1656230939817793,"flow_src_last_pkt_time":1656230939818992,"flow_dst_last_pkt_time":1656230939818817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.217.194.188","src_port":43600,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00930{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1656230934714151,"flow_src_last_pkt_time":1656230934714523,"flow_dst_last_pkt_time":1656230934714509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"216.58.196.68","src_port":40454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01056{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230933366844,"flow_dst_last_pkt_time":1656230933316560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1656230939763960,"flow_src_last_pkt_time":1656230939766415,"flow_dst_last_pkt_time":1656230939766552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"142.250.183.163","src_port":51296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939818921,"flow_dst_last_pkt_time":1656230939818981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":301,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939819619,"flow_dst_last_pkt_time":1656230939819684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":2838,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934969472,"flow_dst_last_pkt_time":1656230934919257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":439,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1656230939819684}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 63/63
~~ skipped flows.............: 0
~~ total layer4 data length..: 8443 bytes
~~ total detected protocols..: 5
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11514622 bytes
~~ total memory freed........: 11514622 bytes
~~ total allocations/frees...: 216790/216790
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 538 chars
~~ json string max len.......: 1547 chars
~~ json string avg len.......: 1041 chars
|