aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/naver.pcap.out
blob: 2c53490a0494b95d407277cea0e0d614a12eba8d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1730387261423525}
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261423525,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261423525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261423525,"pkt":"AgAAAAABAgAAAAACCABFAAA8GPlAAEAG\/eYK160BFzRU0JxaAbsaMFI+AAAAAKAC\/\/+b7AAAAgQm6AQCCArcYYAbAAAAAAEDAwk="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261423525,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261449768,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGFuwXNFTQCtetAQG7nFp363frGjBSP3ASBAA4owAAAgQm6AMDCQA="}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1730387261449929,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261449929,"pkt":"AgAAAAABAgAAAAACCABFAAAoGPpAAEAG\/fkK160BFzRU0JxaAbsaMFI\/d+t37FAQAICRGwAA"}
01213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261449768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387261453362,"pkt":"AgAAAAABAgAAAAACCABFAAIoGPtAAEAG+\/gK160BFzRU0JxaAbsaMFI\/d+t37FAQAIBUzAAAFgMBAgABAAH8AwPX38a3MCvLk8uZ1hRP4mrIcI\/KE5Ca09x0fVESciasXyAHVzLhzlLebn9ANLoi0ghqpVMwaJhABDq537sQ5LecrAAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAABAADgAAC20ubmF2ZXIuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACBTdWagI7SgZgL7PYcAj7Gok6yNBt0GqqRKhpu0eBDiIwAtAAIBAQArAAUEAwQDAwAVAPIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1730387261453362,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261453466,"pkt":"AgAAAAABAgAAAAACCABFAAAoAABAAEAGFvQXNFTQCtetAQG7nFp363fsGjBUP1AQA\/+LnAAA"}
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261453466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261453544,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"m.naver.com","domainame":"m.naver.com","tls": {"version":"TLSv1.2","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAA8O\/FAAEAGOzUK160Bbl2dYKQ4AbsIxNkQAAAAAKAC\/\/9rfQAAAgQm6AQCCAotHELSAAAAAAEDAwk="}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGdzJuXZ1gCtetAQG7pDh363frCMTZEXASBAAbpQAAAgQm6AMDCQA="}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAoO\/JAAEAGO0gK160Bbl2dYKQ4AbsIxNkRd+t37FAQAIB0HQAA"}
01218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAIoO\/NAAEAGOUcK160Bbl2dYKQ4AbsIxNkRd+t37FAQAIDGAgAAFgMBAgABAAH8AwO+WVIKKHo4iEcoj\/2Pni3Ip89I+2z4VSX\/b8wvs98HySB7XO7+kUJfvAJd5\/Eq9AEree5Z8A+qIo2kx6RomAIoFAA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAAF1AAAAIgAgAAAda3ItY29sLWV4dC5uZWxvLm5hdmVyY29ycC5jb20ACwAEAwABAgAKAAwACgAdABcAHgAZABgzdAAAABAACwAJCGh0dHAvMS4xABYAAAAXAAAAMQAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgHONekpeLZ\/26p8X\/\/d9UWhxjgWruEmQYfGC\/OrMdsG8AFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"thread_ts_usec":1730387261479172,"pkt":"AgAAAAABAgAAAAACCABFAAAtO\/RAAEAGO0EK160Bbl2dYKQ4AbsIxNsRd+t37FAYAIByEAAAAAAAAAA="}
01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387261479172,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
01773{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387261663060,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"kr-col-ext.nelo.navercorp.com","domainame":"kr-col-ext.nelo.navercorp.com","tls": {"version":"TLSv1.2","server_names":"*.nelo.navercorp.com,*.slog.navercorp.com,slog.navercorp.com,*.nelo2.navercorp.com,nelo2.navercorp.com,*.nelo2-col.navercorp.com,nelo2-col.navercorp.com,nelo.navercorp.com","ja3s":"263c859c5391203d774bc0599793d915","ja4":"t13d3113ht_e8f1e7e78f70_1b3407e2c936","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Corp., CN=*.nelo.navercorp.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"C0:F0:CB:37:C1:2D:17:DC:21:40:1D:14:10:E5:3B:78:0F:37:B6:EA","blocks":0}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269609964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269609964,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269609964,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1730387269609964,"pkt":"AgAAAAABAgAAAAACCABFAAA8ps9AAEAGWx4K160BuDLIw7IKAbuEfl3+AAAAAKAC\/\/\/PPQAAAgQm6AQCCAqf4OiaAAAAAAEDAwk="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1730387269609964,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1730387269634792,"pkt":"AgAAAAABAgAAAAACCABFAAAwAABAAEAGAfq4MsjDCtetAQG7sgp363frhH5d\/3ASBACX8gAAAgQm6AMDCQA="}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1730387269634949,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1730387269634949,"pkt":"AgAAAAABAgAAAAACCABFAAAoptBAAEAGWzEK160BuDLIw7IKAbuEfl3\/d+t37FAQAIDwagAA"}
01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1730387269636387,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"thread_ts_usec":1730387269636387,"pkt":"AgAAAAABAgAAAAACCABFAAIoptFAAEAGWTAK160BuDLIw7IKAbuEfl3\/d+t37FAQAIBuHgAAFgMBAgABAAH8AwNZH7rBuBt1xrwIbjDlhPOR+5G6F4LrPLdIPSTRSpxo7CA+vFrtGzprO63Vue4VRezFRaS1Ecv5l\/tFSXo37dw7hAAeEwETAhMDwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABlQAAAB0AGwAAGGR0aHVtYi1waGluZi5wc3RhdGljLm5ldAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAMwAmACQAHQAg78Ojm6jaXZuX1wRTpsRNjRNdUV3aV2AqjZhzlffXTnkALQACAQEAKwAFBAMEAwMAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"thread_ts_usec":1730387269636423,"pkt":"AgAAAAABAgAAAAACCABFAAAtptJAAEAGWyoK160BuDLIw7IKAbuEfl\/\/d+t37FAYAIDuXQAAAAAAAAA="}
01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269634792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1730387269636423,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01597{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"dthumb-phinf.pstatic.net","domainame":"dthumb-phinf.pstatic.net","tls": {"version":"TLSv1.2","server_names":"*.pstatic.net,pstatic.net","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","ja4":"t13d1513h2_8daaf6152771_eca864cca44a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=NAVER Cloud Corp., CN=*.pstatic.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"97:14:4D:E1:78:70:D4:E8:6B:CD:80:41:48:2B:5E:D3:E8:34:7D:CB","blocks":0}}}
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1730387261423525,"flow_src_last_pkt_time":1730387261453544,"flow_dst_last_pkt_time":1730387261479172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2856,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"23.52.84.208","src_port":40026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387269609964,"flow_src_last_pkt_time":1730387269636423,"flow_dst_last_pkt_time":1730387269664358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":3760,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3760,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"184.50.200.195","src_port":45578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1730387261479172,"flow_src_last_pkt_time":1730387261479172,"flow_dst_last_pkt_time":1730387261663060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":4356,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1730387269664358,"l3_proto":"ip4","src_ip":"10.215.173.1","dst_ip":"110.93.157.96","src_port":42040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Naver","proto_id":"91.433","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00841{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/naver.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":22,"packets-processed":22,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1730387269664358}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 22/22
~~ skipped flows.............: 0
~~ total layer4 data length..: 12523 bytes
~~ total detected protocols..: 3
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8452406 bytes
~~ total memory freed........: 8452406 bytes
~~ total allocations/frees...: 144809/144809
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 528 chars
~~ json message max len.......: 1778 chars
~~ json message avg len.......: 1152 chars
Powered by cgit, Themed by Ted Yin.