path: root/test/results/default/googledns_android10.pcap.out
blob: 6b165eaf2b6db3ed2da32b9beb0538e8d7ff4df8 (plain)
00624{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00845{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1592552824409182}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552824409182,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824409182,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592552824632762,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824632762,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592552824856545,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824856545,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592552825296508,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825296508,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hHAAAHcG7PwICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT2gAAAAQEIChWqbsH\/\/5Cw"}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825913529,"flow_dst_last_pkt_time":1592552825913529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825913529,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1592552825913529,"flow_dst_last_pkt_time":1592552825913529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552825913529,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825913790,"flow_dst_last_pkt_time":1592552825913790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825913790,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1592552825913790,"flow_dst_last_pkt_time":1592552825913790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552825913790,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1592552825913529,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552825926858,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1592552825913790,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552825927045,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1592552825928257,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825928257,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"}
00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552825928997,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOtGJAAEAGt3TAqAGfCAgEBLusA1UTsXiiDrwBC4AYAVdpogAAAQEICv\/\/zMV\/X4MUFgMBAJUBAACRAwOw6eX3GPuUCseewx8KJQKq65uZZdDYuRYi0MWCjT+jCwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825926858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825928997,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1592552825929178,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825929178,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"}
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552825929471,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOyANAAEAGn8\/AqAGfCAgICNrYA1WXsATBw\/3toIAYAVdohAAAAQEICv\/\/zMVkDcpFFgMBAJUBAACRAwOVSYhvB5NCZzUc9GHHE6Pd9b9dT20UrbAk09jz7PnHSwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825927045,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552825929471,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825940289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825940289,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0q3UAAHgGyPsICAQEwKgBnwNVu6wOvAELE7F5PIAQAPB8fAAAAQEICn9fgyL\/\/8zF"}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825941529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552825941529,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0xdkAAHYGrJMICAgIwKgBnwNV2tjD\/e2gl7AFW4AQAPB7dgAAAQEICmQNylT\/\/8zF"}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825957880,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552825928997,"flow_dst_last_pkt_time":1592552825957993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825957993,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825959083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552825959083,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552825929471,"flow_dst_last_pkt_time":1592552825960222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552825960222,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826036505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552826036505,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826036505,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552826036505,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1592552826036505,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552826049329,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1592552826051146,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826051146,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592552826051495,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADO0uJAAEAGmPTAqAGfCAgEBLuwA1WtLB4BfeARF4AYAVfZbQAAAQEICv\/\/zOS0eUC+FgMBAJUBAACRAwNJCyrg3LiPOkzp25J1tFPL9Xy02QHRBJvQzPxg67QKYwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826049329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552826051495,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826064156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826064156,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0wIMAAHcGtO0ICAQEwKgBnwNVu7B94BEXrSwem4AQAPDLiQAAAQEICrR5QM3\/\/8zk"}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826080321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592552826080321,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01740{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552826051495,"flow_dst_last_pkt_time":1592552826081468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592552826081468,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592552826207745,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552826207745,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hqoAAHcG6sIICAgIwKgBnwNV2jAOPHBKaWPSFIARAUTy8AAAAQEIChWqclH\/\/5Cw"}
02343{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552827147738,"flow_dst_last_pkt_time":1592552827146388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592552827147738,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":99,"avg":71648.9,"max":447414,"stddev":121761.7,"var":14825912320.0,"ent":3.5,"data": [12824,14641,349,14827,16165,1147,99,31089,1039,512,12517,28602,36858,41216,19219,12546,6221,5033,24265,307087,326211,13788,74283,386701,447414,5048,23824,155667,173706,5036,23182]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,211,551,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0],"entropies": 
[4.326680183,5.023234367,4.955651283,5.448351860,4.985801220,7.066713810,7.519642353,7.136388302,5.063529015,5.025067329,5.063529015,6.146316528,7.108041286,6.700643539,4.985801220,6.774869442,7.568095207,4.947339535,7.581867695,5.078046322,6.760867119,5.062724590,7.546683311,5.078046322,6.761339188,4.972088814,7.559946537,5.078046322,6.814634323,4.964581966,7.566140175,5.078046322]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552827426405,"flow_dst_last_pkt_time":1592552827426405,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552827426405,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1592552827426405,"flow_dst_last_pkt_time":1592552827426405,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1592552827426405,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552827426405,"flow_dst_last_pkt_time":1592552827426405,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552827426405,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.297900}}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1592552827426405,"flow_dst_last_pkt_time":1592552827440141,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1592552827440141,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552827440141,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1592552828402579,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552828415412,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1592552828415412,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAAiPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552871852324,"flow_src_last_pkt_time":1592552871852324,"flow_dst_last_pkt_time":1592552871852324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552871852324,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1592552871852324,"flow_dst_last_pkt_time":1592552871852324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552871852324,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1592552871852324,"flow_dst_last_pkt_time":1592552871941265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1592552871941265,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"}
01063{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552828415412,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1592552871941265,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878549677,"flow_dst_last_pkt_time":1592552878549677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552878549677,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1592552878549677,"flow_dst_last_pkt_time":1592552878549677,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552878549677,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1592552878549677,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592552878562423,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1592552878563796,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552878563796,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
01260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1592552878564695,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAI5PPBAAEAGLXzAqAGfCAgEBLviA1WhETzKd2wcRoAYAVddrgAAAQEICgAAACw7E6h3FgMBAgABAAH8AwMrWAyrTdDxfgOP+1tzuunb7Cy\/yXCgSWeXoKBkBPrVPyA3JDMO7OphzpU36YzIUm3zGK0YYOmlQM62LkpDm0rDGgAewCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANQAKAQABlQAAAA8ADQAACmRucy5nb29nbGUAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwDiARwM3mDSTy2KnFOJMzn7stzGYyX+ErxweKZvMWA+DHe7GLRnLRUybuHfiV5knTQIjhK\/GK5IIqvLNAmTKNvSo0hv8h0ulRB0aqm8FwgEpkVHHcM6UG5TzNCQ9KdT\/k7UNWuK7swRz9Yvi+k8q96rcEJr\/LXENmBb2UY8tY9l2xJKbBYA9tKwIPIBAerEXFDAPYWZdKDd5Q1S\/gPO223uC0X1er\/jYr9tA39W1m4B\/\/vKp4wt45p5c\/xW9Tg39T7eLvvvPWnCGQRfWtPx5seY9+CMB7cDPpL3T3JV2Fpgho3ydgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878562423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592552878564695,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878577342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552878577342,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0nAgAAHYG2mgICAQEwKgBnwNVu+J3bBxGoRE+z4AQAPCQ6QAAAQEICjsTqIYAAAAs"}
01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552878564695,"flow_dst_last_pkt_time":1592552878577421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1592552878577421,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"1249fb68f48c0444718e4d3b48b27188","ja4":"t12d150800_0707305c9f76_120e542614af","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552881411235,"flow_dst_last_pkt_time":1592552881429656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":1522,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1592552881429656,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":79,"avg":185210.9,"max":1253719,"stddev":341703.1,"var":116761001984.0,"ent":3.2,"data": [12746,14119,899,14919,79,14194,1137,19603,19131,13753,1318,58447,651251,714961,3808,23304,1234142,1253719,12532,32716,484043,503710,3783,30780,265369,292430,20267,12603,11759,7400,12615]},"pktlen": {"min":52,"avg":198.2,"max":569,"stddev":197.9,"var":39161.3,"ent":4.4,"data": [60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.235814571,4.852156162,4.801308155,6.238618374,4.739399433,6.089945793,4.839769840,5.473562241,4.801805496,6.831297874,4.671903133,7.530720711,4.839769840,6.775491714,4.763343334,7.509344101,4.801308155,6.680355549,4.891996861,7.580490112,4.947339535,6.744199276,4.770353794,7.577538013,4.860989094,6.758264065,4.878231525,6.768933296,7.616032600,4.884933472,4.916693211,7.554844856]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
01063{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552828415412,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1592552910946566,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00945{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552826207745,"flow_dst_last_pkt_time":1592552826208808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DoH_DoT","proto_id":"196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552826207745,"flow_dst_last_pkt_time":1592552826208808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1592552825913790,"flow_src_last_pkt_time":1592552826054113,"flow_dst_last_pkt_time":1592552826052819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":3480,"midstream":0,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
01061{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592552827426405,"flow_src_last_pkt_time":1592552828402579,"flow_dst_last_pkt_time":1592552828415412,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01125{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1592552825913529,"flow_src_last_pkt_time":1592552826030445,"flow_dst_last_pkt_time":1592552826029230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":363,"flow_dst_tot_l4_payload_len":3480,"midstream":0,"thread_ts_usec":1592552955542932,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
00945{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592552871852324,"flow_src_last_pkt_time":1592552871852324,"flow_dst_last_pkt_time":1592552871941265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552996502369,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DoH_DoT","proto_id":"196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592552871852324,"flow_src_last_pkt_time":1592552871852324,"flow_dst_last_pkt_time":1592552871941265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552996502369,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01155{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1592552826036505,"flow_src_last_pkt_time":1592552867048536,"flow_dst_last_pkt_time":1592552867047150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":3935,"flow_dst_tot_l4_payload_len":17280,"midstream":0,"thread_ts_usec":1592552996502369,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007037028,"flow_dst_last_pkt_time":1592553007037028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592553007037028,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1592553007037028,"flow_dst_last_pkt_time":1592553007037028,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592553007037028,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1592553007037028,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1592553007051414,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1592553007078898,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592553007078898,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"thread_ts_usec":1592553007088078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOFgxAAEAGVcvAqAGfCAgEBLxSA1VGZWusr3aVwIAYAVd\/mgAAAQEICgAAfa9\/c2KvFgMBAJUBAACRAwNWAMlRN\/y9+y5bn87kl8S7SwnuvLXD9du+\/Dt1fS20NAAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007051414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592553007088078,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007101326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592553007101326,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0SeYAAHYGLIsICAQEwKgBnwNVvFKvdpXARmVsRoAQAPCP6wAAAQEICn9zYuEAAH2v"}
01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118877,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1592553007118877,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553007088078,"flow_dst_last_pkt_time":1592553007118996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":154,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":2836,"midstream":0,"thread_ts_usec":1592553007118996,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","domainame":"dns.google","tls": {"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","ja4":"t12d150700_0707305c9f76_0f3b2bcde21d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC","blocks":0}}}
02348{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553013061132,"flow_dst_last_pkt_time":1592553013091250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592553013091250,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":78,"avg":389623.4,"max":5703762,"stddev":1387530.2,"var":1925240193024.0,"ent":1.5,"data": [14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
01154{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":65,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552996489587,"flow_dst_last_pkt_time":1592552996502369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":5210,"flow_dst_tot_l4_payload_len":14618,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}}
01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":121,"flow_dst_packets_processed":120,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553079303170,"flow_dst_last_pkt_time":1592553079299653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":11059,"flow_dst_tot_l4_payload_len":37798,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google"}}
00858{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":532,"packets-processed":532,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":77,"global_ts_usec":1592553079303170}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 532/532
~~ skipped flows.............: 0
~~ total layer4 data length..: 97842 bytes
~~ total detected protocols..: 6
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8493448 bytes
~~ total memory freed........: 8493448 bytes
~~ total allocations/frees...: 145417/145417
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 545 chars
~~ json message max len.......: 2353 chars
~~ json message avg len.......: 1448 chars