00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1604822444474923}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1604822444474923,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"}
00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1604822444475424,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822444475424,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"}
01052{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444475424,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444475424,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1604822444475512,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822444475512,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+ciDAbvkc0gONh\/971AREABQ2gAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444486731,"flow_dst_last_pkt_time":1604822444486731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444486731,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444486731,"flow_dst_last_pkt_time":1604822444486731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822444486731,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1604822444475512,"flow_dst_last_pkt_time":1604822444593192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822444593192,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoz19AADkGTkdoEPn5wKgBdwG7yIM2H\/3v5HNIDlAQAERglwAAAAAAAAAA"}
00926{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444475512,"flow_dst_last_pkt_time":1604822444593192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444593192,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1604822444475512,"flow_dst_last_pkt_time":1604822444594798,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822444594798,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoz2BAADkGTkZoEPn5wKgBdwG7yIM2H\/3v5HNIDlARAERglgAAAAAAAAAA"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604822444486731,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822444624675,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604822444624753,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822444624753,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"}
01354{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604822444629426,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1604822444629426,"pkt":"EBMxuRBeeDHBvV4kCABFAAKQAABAAEAGFD\/AqAF3aBD5+cmWAbsdU0Zq51fs4FAYEACqFQAAFgMBAmMBAAJfAwM4QGbYN4X20uSmpCi+qLH24nxablHacDaB7g46zEyvJCCS0jgQR8zClHgewuqoUAH32VWvHW5IuO5vXWulcb1skAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQAB8gAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHmVJzDe7D6qJNs1W0qD8RIXzzYXXPM\/3vnHoxYUiJkqABcAQQTWxNAmZdh04nOlC2Wggbf1TQ5Pxz25m+va297qXK9jD3ovCZ5UT7sdbxNYgxx9TZMDsDXvKRSDpVE90jpfHkDFACoAAAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwDOWKpJVdqJ22Z6lGoaHhJKmtmYwswNzWnU5DNuC8HGbdiXoFAZXxZG56tM93v7A4wn4E03RF1w530ZLeasMMIMsYEC4asY+xpMYZn2lZDq8jUcVaGkQ1uyuuJKtxOTpieuSHwZbHKadjDUlTR7uiwEOMjeGRMdOORxuffgTWS\/WKkZmXbE85P+ToRCh8lvZip4mWqQ0NEC5HrF38UgI1faKYf2KszBanKyjpCdEBVxPT1o2z7xi9N1pX8fd5IJJ3Dhki3gAISCp9COAa94cIbcD4ODGkygxHHNgI8KCuth8lpXGNGBiug=="}
01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629426,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":616,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444629426,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604822444629706,"flow_dst_last_pkt_time":1604822444624675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1604822444629706,"pkt":"EBMxuRBeeDHBvV4kCABFAAAuAABAAEAGFqHAqAF3aBD5+cmWAbsdU0jS51fs4FAYEABd6QAAFAMDAAEB"}
01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444629799,"flow_dst_last_pkt_time":1604822444807971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":682,"midstream":0,"thread_ts_usec":1604822444807971,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","domainame":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1814h2_e8a523a41297_7673359314f0","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822444913120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822444913120,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822444913120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822444913120,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"}
02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822444918595,"flow_dst_last_pkt_time":1604822444918472,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":1416,"midstream":0,"thread_ts_usec":1604822444918595,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":27858.2,"max":180261,"stddev":53974.2,"var":2913210624.0,"ent":3.0,"data": [137944,138022,4673,280,93,180261,3035,178242,156,4,141,2334,6395,1417,5511,15440,136,687,115,1388,73966,13479,4177,2946,6,76790,62,5422,2521,12,7950]},"pktlen": {"min":40,"avg":127.2,"max":722,"stddev":163.8,"var":26828.9,"ent":4.2,"data": [64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40]},"bins": {"c_to_s": [10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0],"entropies": [4.396777153,4.868495941,4.453056812,7.114666462,4.555532932,6.968688488,4.414441109,7.666847229,4.630641460,6.135609627,4.457919598,4.630641460,6.314809799,4.414441109,5.619441509,4.511769772,6.797011852,6.413628101,6.156311035,6.369709969,5.547562122,4.414441109,4.414441109,4.414441109,7.324114323,5.703947544,4.630641460,4.630641460,4.457919598,7.272934914,5.647610664,4.630641460]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1604822444913120,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822445034293,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1604822445034393,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822445034393,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"}
01810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1001,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1001,"pkt_l4_len":967,"thread_ts_usec":1604822445039824,"pkt":"EBMxuRBeeDHBvV4kCABFAAPbAABAAEAGkI3AqAF3aBB8YMmcAbs\/DuN7hGv40FAYEADx5QAAFgMBA64BAAOqAwOKZdoIJJLXVGZA4tLet+CaUHoCgYsVNfGcUO5E5Yyw\/iDkSSMrT+G4DHKylGZE+9t1xT9Bwk1il4gkdGKmixfHxQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQADPQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACDGOo4vonTOM2GYlWlh+M28Bv4rBtCSolJUMSM6byGyQgAXAEEEsB47X5x8IY\/5MH1UqXpFAzbgAcO0IeN+cLY8gPqZEdzm0gMalJCJbmIbZn57y5aw8W4ViyGLcMicP949QRl9egArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQH\/zgFuEwEAHQAgPGWhhHXhSBIvBL4hXbOZcIM+rNQD2DcGROPY4ll\/rXoAINowFgSFokV0+8oDzPiOBNFVqPuEsCkk5QU+JZFVeXqbASQVT3cyI9DPD+8Kd3Ww2Vi2d0E4DueGAORAkX1nZsCd92axwR+an6cI7N5dHl3UWilB1dYjPA\/Cb+kdo\/rtnIL2uvuu1ZO84mgnhL6aaGeyGgbrvNPbA3g3+pnNDT4RerDjfoe6\/qjpiEkt\/Cxegk8zCUdDD7xu0Ze3gFLPNBw+NMoVVk69a4J2D0HN5dwh\/g8OZb9iLxYQWYC6JERpN1lgtG78xLVcvV7ggnnVMs5uIwGEnfiUjF5hH5552rRr3aNqybi0n1REe12jTc0CaJnSAjssolOGEIF7Eaz0cCSNxSIxNWYS+ViM9d+mFqlG4AnoxOS3kAdhb0o3XzgfHmqOXT\/Qig2tFDnf48VJlSDMHfMizonuSCJtbeL2gpig1kFTmUpSABwAAkABACkA6wDGAMDNhC2AFFGfXEp15it59dLTTVcyyn8S81OKgZyxn+d71MvWDP\/H\/yZ0CKRnioxg4kYE8g9KY6NDndAUJAO9irc5kVyEUHYiCa1\/b7\/PO7UXyHtWF05jOnlW5epvkBcUEoz1cKj1FoHg8jVn4OXxB+hMeVp6O5W\/MXtAJMwvSY1RBUIJUwEcBDbTUg50wHii6KzVTxBq1wBqLSaTaWlzZDkiUB263uSuAwEWUj4P6lD3GW+slylGFmC4b7jJ6LG5XizAQoRaACEg2Q4sqc9BVWDARn8I0Hf4LU0dkZ+vNaoeVKdqU0RHzqY="}
01520{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445034293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822445039824,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445134722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822445134722,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo0tZAADkGyGloEHxgwKgBdwG7yZyEa\/jQPw7nLlAQAEKaMQAAAAAAAAAA"}
01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445039824,"flow_dst_last_pkt_time":1604822445135087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":232,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":232,"midstream":0,"thread_ts_usec":1604822445135087,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d1813h2_e8a523a41297_a36e8500eb55","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02509{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445694881,"flow_dst_last_pkt_time":1604822445694834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":8322,"midstream":0,"thread_ts_usec":1604822445694881,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":120,"avg":50434.7,"max":472643,"stddev":107031.5,"var":11455736832.0,"ent":3.0,"data": [121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593]},"pktlen": {"min":40,"avg":367.0,"max":1500,"stddev":489.4,"var":239474.4,"ent":3.9,"data": [64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40]},"bins": {"c_to_s": [12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0],"entropies": [4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199]},"ndpi": 
{"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447227531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447227531,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447227531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447227531,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447249969,"flow_dst_last_pkt_time":1604822447249969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447249969,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447249969,"flow_dst_last_pkt_time":1604822447249969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447249969,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcm0AbsYxEgFAAAAALAC\/\/\/0wAAAAgQFtAEDAwYBAQgKKlL7WQAAAAAEAgAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447287011,"flow_dst_last_pkt_time":1604822447287011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447287011,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447287011,"flow_dst_last_pkt_time":1604822447287011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447287011,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm1AbvwpFrxAAAAALAC\/\/+HSQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447287254,"flow_dst_last_pkt_time":1604822447287254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447287254,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447287254,"flow_dst_last_pkt_time":1604822447287254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447287254,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm2AbtLPosXAAAAALAC\/\/\/8iAAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447287617,"flow_dst_last_pkt_time":1604822447287617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447287617,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1604822447287617,"flow_dst_last_pkt_time":1604822447287617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1604822447287617,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447227531,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447311202,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447311306,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447311306,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"}
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1604822447321601,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcmzAbtjbURPShn2q1AYEABxjAAAFgMBAgABAAH8AwOOdaINkrkni1lkg0EYhB7CXywxYLUEQaB94XZ7swcviyDoXf8Mnld+CWLGSYqiJkQGZZHCItfbHLw5GpALvsX0fwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEIAQAAAPTk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1jZi5oZWxwLmV2ZXJ5MWRucy5uZXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIOfwyLIVH0Su0me3OGwu5ql9kHcNhOKA2\/oA4t1UmEYWABcAQQQbVWVY2y3r6Noo9p6qd3fGD31lfhwkBleOSQVZR94Q2uMqa3NtF3kY1er0qJelDJ3SvS5bjVDkBqwPJYfE80afACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447311202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447321601,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447249969,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447325440,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447325515,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447325515,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"}
01222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1604822447330671,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcm0AbsYxEgGIKm4bVAYEACqNQAAFgMBAgABAAH8AwMTMNwzO21ZEZnBJ8YoE109\/i6YNzxxygde+NFPk4Vg0yBtnXms51StvlcYPwUtQJ3a2Aae1RGCTFOxqXrJXOFBFAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEMAQQAAPjk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1kb2guaGVscC5ldmVyeTFkbnMubmV0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAAGB+Ylz9tQWb3UZnj0MzC1iRLGQar+XyEWlMZnweIGQAXAEEEqEtOLMcAlryMSCaEMrbAEwrL0bH8mkD8soGNzp04CSJANtzqXJe3j\/dKAkxSvfkPUgnR4yBBz+PZw0ry7VkmCQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447325440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447330671,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287011,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447368937,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447369036,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447369036,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287254,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447370587,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447370657,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447370657,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPosY62hp81AQEAA10AAA"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1604822447287617,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1604822447373226,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1604822447373287,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1604822447373287,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"}
01496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447374307,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm1AbvwpFryQ4gHblAYEAByzwAAFgMBAsMBAAK\/AwOo7n9Ps15wBazvRSwP0XknzspI1stxfxt\/UzR\/iTVJEyAC8G++cc8\/RPDfJFBfMKnQnmiwhlHCQVzbLmLhap\/o+wAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgTLq0AqwNou6MGsB1+SYEgJSmTUTOD\/TxJYrSVvP1oDoAFwBBBKeqi+5mZF4FqrZM+Nc98bOF1LLJjzR7iMhqwT8EHpJcTJIoY3Ocwhydzi6GkM5amaGkSUUhnwcxZgCBpYGYspkAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIFOmheJL4xy5gpY\/yJcKeKS\/9XQSn93DrBI1rxRCLVANACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkut4Z8rAnlJ\/BQOlO633VmiJBVo0HHpTYKwow\/UrgM4eV1qOMwieMsrNSqM1l6bwtgDOlVaEPC0GRn4aCQtU1XP2X4FcQcEBgB0TQYfr+VqTH9px\/hRvQKbytE9L34VP2TUenG1F8iF0heywb5ZSJNRlrHCwIxo1Q1cFXgSmt+bxqFdr2xk3KCZcGELX4JsHF1xtxipkI9hU2eSqna\/RV\/6OZjs+0xDobkL7dH+C4x8IS+6ZbU9dcdpF1KnVLSsBAwCn4gdmjyqOcJkFmyD9MzJR7Kox31au\/1ccnVPYgJWTBHIf96KJnmFelvEa3Tqt25pUSu5EXfJqkJM4E5MPphlNhuXtutSQatEVfktgwClJtegRW83L4awezF4ogcf6f2s73jwAcAAJAAQ=="}
01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447368937,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447374307,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447380742,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm3AbsAL2HqAUMAtVAYEAAkOwAAFgMBAsMBAAK\/AwNVI7InNdA1ot5OdKof1kA6BpGq39LpfrSaqLEJ4t4pyCCv0oSr4LDlh2WzJ9HwxgZARteBYDIbmU3nj0BJKwky+gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg7QAbQ7koWJMYoOecI197XFg+d23v8PjWib7icO3n\/FwAFwBBBA8OlHTHMCeAOzQUay5DCVe2ET8f6buSW4LVGxdHe8jrqvhXpCb+NoAKMsX\/aFrJFFo51N2cc4w\/Fh30MOpOulUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIEjhe5bsavzQ67r6YZd7oG78oUtyH0sMqVomsLYebm5wACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkGl0dzIxH3UbiFXD\/ti+ZnNhfaZg98I\/A6UThXpUgVWxUYvURDuH8NPk4Yq3Wst5v1HkmMCj4IVcnOzpyhEPOCiWeUPZXAZ4C3Zu0CMcpfFQbdWpVdpuIwE+\/Jo9nfuvAdM6x2QV3DWfmZjs5LPCegAhmYb1Z9kADX+9l3va5NlStNZ2VFMQja7+fVl0pkiRHXepdGBP3rxz5pEAqsK2x3S0wdezniiFt5uiKguifcr2z7DsmYE1kM\/9e9xwV\/H4+Yk7MFcFkSsTPg5EZY2llGE2vj8EVxsCSYDBvziAk02Bjbvs5qsudzlQiboR7Y1bxovyogiImbMIdV17\/v5\/g9VPZmxrlZKp6AB2jx3X\/4Z3P+WoYFKr4VUuHGSa2WCRn\/aBSJAAcAAJAAQ=="}
01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447373226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447380742,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1604822447386869,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm2AbtLPosY62hp81AYEADBvgAAFgMBAsMBAAK\/AwNRUOqW8fcFAIVJ2wDVWV7C3Kd3FLHiQcf08yw4FN3iXSCr++V7bGNoaO02ERHmP51fO+JZbR4AQQj87xtTZ0QmgwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg1\/nF9GBjzoBJP3vChsI3TG08\/GK1TsqGFkFsvA4YsTYAFwBBBM6shgU+jIrVFTkZ9XOduv8uISc+1jmvtR4\/i\/iVQ5mkzXP3UH4e2gztWXshEhxsgD9Q5DnmNDoCVwQBrWyhBo4AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIIL8GVgWuqJ31PIAS9EwGQtG8rU0tCk\/N7q9r130NnNwACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkS8IkWC2D2bmZ1aalyMpfcETszLdbZEvlB692JDGmKS2g777tYyoryGh1b\/cgxb2Dw0XmCzUpt799pNsl5lfgsSb\/zWK7FUTYSo2B\/3jOPhS7A9xCnyXTSYLUKwD33PzWwKbZHq+itqMzgYfes2eqKe1zHFL9BWGSPB\/yCuItpWVRqR\/vBTR8RtAcUd7v1jo1gB8dmhG7Jx6xY5Eufjxl6HfZY3+g7L+DeH+NKvI3qqQ+O8gr2YFAyaInp+4djrXbPsVdnGNailJditx+fCJhojUSCluxDsiDydGVbRxMt9OyK2BuCFCC7gNcCbFUB04DHqlhZREnseT0GjaFHQJqQMbN02cS6Eo6rN7cQDGYg6nBwThwqMwQ555qhDUtBoETTMl5QQAcAAJAAQ=="}
01521{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447370587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604822447386869,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447410183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447410183,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo1yZAADcGfFNoEcYlwKgBdwG7ybNKGfarY21GVFAQAEIJRwAAAAAAAAAA"}
01342{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447321601,"flow_dst_last_pkt_time":1604822447412088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447412088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447437859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447437859,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo2NFAADcGeqhoEcYlwKgBdwG7ybQgqbhtGMRKC1AQAEK35gAAAAAAAAAA"}
01344{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447330671,"flow_dst_last_pkt_time":1604822447447323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447447323,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","domainame":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1814h2_e8a523a41297_d267a5f792d4","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447498308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447498308,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoH25AADQGtIJoFkiqwKgBdwG7ybVDiAdu8KRdulAQAELX7AAAAAAAAAAA"}
01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447374307,"flow_dst_last_pkt_time":1604822447500011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447500011,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447502334,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447502334,"pkt":"eDHBvV4kEBMxuRBeCABFAAAofoRAADQGVWxoFkiqwKgBdwG7ybcBQwC1AC9kslAQAEIKZwAAAAAAAAAA"}
01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447380742,"flow_dst_last_pkt_time":1604822447506495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447506495,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447513175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1604822447513175,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoowNAADQGMO1oFkiqwKgBdwG7ybbraGnzSz6N4FAQAEJCxgAAAAAAAAAA"}
01566{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447386869,"flow_dst_last_pkt_time":1604822447515088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1604822447515088,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","domainame":"","tls": {"version":"TLSv1.3","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","ja4":"t13d1813h2_e8a523a41297_0d6ff543c596","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02511{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447783794,"flow_dst_last_pkt_time":1604822447783495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5882,"midstream":0,"thread_ts_usec":1604822447783794,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":32040.9,"max":143742,"stddev":43042.9,"var":1852691072.0,"ent":3.8,"data": [81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500]},"pktlen": {"min":40,"avg":271.3,"max":1500,"stddev":409.4,"var":167573.6,"ent":3.8,"data": [64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40]},"bins": {"c_to_s": [12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651]},"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00954{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444594879,"flow_dst_last_pkt_time":1604822444595017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":114,"flow_first_seen":1604822444486731,"flow_src_last_pkt_time":1604822448523987,"flow_dst_last_pkt_time":1604822448523926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":616,"flow_dst_max_l4_payload_len":682,"flow_src_tot_l4_payload_len":6898,"flow_dst_tot_l4_payload_len":10164,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com"}}
01316{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445727508,"flow_dst_last_pkt_time":1604822445705929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":12913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447574511,"flow_dst_last_pkt_time":1604822447785853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":3583,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447595974,"flow_dst_last_pkt_time":1604822447807205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":3582,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01315{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1604822447287011,"flow_src_last_pkt_time":1604822447785923,"flow_dst_last_pkt_time":1604822447869770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1453,"flow_dst_tot_l4_payload_len":5913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01309{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287254,"flow_src_last_pkt_time":1604822447844256,"flow_dst_last_pkt_time":1604822447844195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01309{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1604822447287617,"flow_src_last_pkt_time":1604822447839595,"flow_dst_last_pkt_time":1604822447839532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":712,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3333,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":442,"packets-processed":442,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":79,"global_ts_usec":1604822448523987}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 442/442
~~ skipped flows.............: 0
~~ total layer4 data length..: 57511 bytes
~~ total detected protocols..: 8
~~ total active/idle flows...: 8/8
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8595175 bytes
~~ total memory freed........: 8595175 bytes
~~ total allocations/frees...: 145324/145324
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 529 chars
~~ json message max len.......: 2516 chars
~~ json message avg len.......: 1521 chars
|