summaryrefslogtreecommitdiff
path: root/test/results/default/firefox.pcap.out
blob: 62965e0c8e231983d2a6c1178641c6128658bd46 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620927997754367}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997754367,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927997754367,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927997781073,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1620927997781165,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927997781165,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1620927997782476,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6Esl5AbuZmizBCYmRhoAYECyf7gAAAQEICjQMlIg8IAcuFgMBAgABAAH8AwMtfA1DC+zpycv9FdmNMUC5bsJuWnUXyup0IQWmFDUmuyCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAdqToAdMIvwxEDg\/g+CRDkTMPXNvyCkvGWZE1UHNfqdQAXAEEEaSrAsB1d9DD1rsZ6fsTBmwbdQjaww3ssMweKLDjtvm89IHezibH\/di6RtXqjZOkOURxpgJe+Gaam1ctoaup48QArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997782476,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997808417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927997808417,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1BAADQGLNeSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfqrggAAAQEICjwgB0o0DJSI"}
01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997782476,"flow_dst_last_pkt_time":1620927997814169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1620927997814169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998782772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998782772,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998782772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927998782772,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998806443,"flow_dst_last_pkt_time":1620927998806443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998806443,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1620927998806443,"flow_dst_last_pkt_time":1620927998806443,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927998806443,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1620927998782772,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927998817178,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1620927998817261,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998817261,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
01466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927998820522,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6Esl\/AbveSGQdyUsXxYAYECwwygAAAQEICjQMmIU8IAs5FgMBAqMBAAKfAwO3vIr9uiJ48zzMf52GsXt4xkS1HnhZS28F\/9nVtQa\/JSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ogAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIIYQxSluq6g42rhsNiC0vZO+RSLs9Lc+BoLP46MvmywVABcAQQRH6zF0G3XQTSNI3Y1zyDpklxgrGlYydrEUXDKsmOlWDTlQccHbDWUx+QCuHh\/4fXU1rkqfToj1sH7nwHIfkbqSACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bJYAMTBgVj+1QQAEnNQ6YMh4adur454Yr31knwx6D0ttCCNB5Ar\/5l2gc7rg2qVLaQE7hUg="}
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998817178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998820522,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1620927998806443,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927998833815,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1620927998833884,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998833884,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998849436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998849436,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051pAADQG0MySMDoSwKgBsgG7yX\/JSxfF3khmxYAQAfjgwQAAAQEICjwgC1s0DJiF"}
01461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927998850076,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmEAbtCftk9RQZ5bIAYECyN6AAAAQEICjQMmJ48IAtKFgMBAqMBAAKfAwNAzR6c7iJcDBDZ2OSnohULz18pBZGP2l3acYhLNliW1SCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMO9fLbtYoy7wr4nDFrsvn6ZcJoE4YIn7v76H+x9iAkkABcAQQRxFV6yz59yZ1DVbyModG076e+kDUcckNtpF88rNlUIK9cS8XHrZokfkMFIciZwd8LHFIC9Gsa3UC38ksGr2hjkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bLMAMTASbwuo8QWja2o9mr0+Frf3OIK5pq78cRY8SbYmyrN4A0Z9kQhYPaolWzEoVShdu5I="}
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998833815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927998850076,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927998820522,"flow_dst_last_pkt_time":1620927998850942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998850942,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998875954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927998875954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCZAADQGRAGSMDoSwKgBsgG7yYRFBnlsQn7b5YAQAfgp0gAAAQEICjwgC3U0DJie"}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927998850076,"flow_dst_last_pkt_time":1620927998877179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927998877179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999109976,"flow_dst_last_pkt_time":1620927999109976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999109976,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1620927999109976,"flow_dst_last_pkt_time":1620927999109976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927999109976,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999111334,"flow_dst_last_pkt_time":1620927999111334,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999111334,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1620927999111334,"flow_dst_last_pkt_time":1620927999111334,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927999111334,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999112216,"flow_dst_last_pkt_time":1620927999112216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999112216,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1620927999112216,"flow_dst_last_pkt_time":1620927999112216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927999112216,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1620927999109976,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927999138093,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1620927999111334,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927999138095,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1620927999138163,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999138163,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1620927999138166,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999138166,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1620927999112216,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927999140847,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1620927999140932,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999140932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
01466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999141444,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmQAbsCvXBxSS7VUoAYECxqegAAAQEICjQMmZ88IAx6FgMBAqMBAAKfAwMib7sEwVHJP8NafDdEcMRu+2BtW80kInWBAD4KrwhQpiB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMy+F3v+RcJdQkDhcgxxv+q0LPoq\/2mdWLz4DbhUlU0JABcAQQSHckCcHdMJGlaj94G9MrpqvN\/LQY4GmzuN\/x59Xu\/wdGrOVrynO7q9eaBmxxO48u8iWBXSYIjZIO\/YAQtrWf0uACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSEAMTC7DFviiMAHSyKO9UJflICxrfrBiSjn+Q51G\/9zze3vin9E\/h3yoA8+LmA5m8meUew="}
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999138095,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999141444,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999143664,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmPAbugsPXrcnmk94AYECwByQAAAQEICjQMmaE8IAx5FgMBAqMBAAKfAwPLbD5gOnSMmUdmLValgevvP4bb+k8e08lwqX+YbKGt3iAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHrZFQRNw5ldSnTOZrYb4ROYY6jGIfJVGxBV4uizHTpsABcAQQS3NAbJNADMbeg6uNBn+xHw3ydMMZ8\/z0knTfC\/Pk5sGbbav2GL7wpVEgjyFzNhlOyo4p3\/\/ZRvEWbgTq4d2O7vACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSMAMTAdEIyR1ohqOXooWJz4QOYPIEnPNAiJJdYf5MRX0x2j7hrA220r1vjmga7S5HF+hl8="}
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999138093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999143664,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
01462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"thread_ts_usec":1620927999148674,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmRAbvLRPivcgRn2oAYECwS0QAAAQEICjQMmaU8IAx9FgMBAqMBAAKfAwNFQzpkgfyhNgbTNJ5e9Ud666zcsVLrnCFPuu5R0gMQ5iCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AICxuuwafTKLEKqG16GJB5qZPLJEh4U2+SES78FZlA\/54ABcAQQTAAyquj6BD0IPU30kXgMXDwejI4l0XzpOwpQEzc8hKPk7HPRn0O\/XXDhe2CgGPmdE8r3OyDN41Lk+AQK9FIkrkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSgAMTBBOwyJxtnEOswesRCmg08gZTe717MpXIgpoRB+yZwyzrZ5Gi9t5mtcvX9nEpcbXSo="}
01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999140847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927999148674,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.2","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999167303,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999167303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2ZAADQGgMGSMDoSwKgBsgG7yZBJLtVSAr1zGYAQAfhwIAAAAQEICjwgDJk0DJmf"}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999141444,"flow_dst_last_pkt_time":1620927999169718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999169718,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999169750,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999169750,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GipAADQGnf2SMDoSwKgBsgG7yY9yeaT3oLD4k4AQAfhTvwAAAQEICjwgDJs0DJmh"}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999143664,"flow_dst_last_pkt_time":1620927999170826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999170826,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999178235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1620927999178235,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RutAADQGcTySMDoSwKgBsgG7yZFyBGfay0T7V4AQAfhj7AAAAQEICjwgDKI0DJml"}
01196{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999148674,"flow_dst_last_pkt_time":1620927999179715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1620927999179715,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.iit.cnr.it","tls": {"version":"TLSv1.3","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}}
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927998052138,"flow_dst_last_pkt_time":1620927998628677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":983,"flow_dst_tot_l4_payload_len":7072,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1620927998782772,"flow_src_last_pkt_time":1620927999107713,"flow_dst_last_pkt_time":1620927999136180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1491,"flow_dst_tot_l4_payload_len":4419,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620927998806443,"flow_src_last_pkt_time":1620927999135237,"flow_dst_last_pkt_time":1620927999135180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":1127,"flow_dst_tot_l4_payload_len":1903,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999224233,"flow_dst_last_pkt_time":1620927999224319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":9203,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999213956,"flow_dst_last_pkt_time":1620927999214178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999228482,"flow_dst_last_pkt_time":1620927999227832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":129,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620927999228482}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 129/129
~~ skipped flows.............: 0
~~ total layer4 data length..: 51599 bytes
~~ total detected protocols..: 6
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11632055 bytes
~~ total memory freed........: 11632055 bytes
~~ total allocations/frees...: 216853/216853
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 545 chars
~~ json string max len.......: 1471 chars
~~ json string avg len.......: 1007 chars
Powered by cgit, Themed by Ted Yin.