summaryrefslogtreecommitdiff
path: root/test/results/default/quic_0RTT.pcap.out
blob: badec1742b120e4c0a0d50a5e0b4f8aca0fffa83 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

00510{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00573{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603888789791229}
00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789791229,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="}
01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","quic": {"tls": {"version":"TLSv1.3","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789792113,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="}
00576{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1642696459202000}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAABpHCNAAH8R13bAqAJkjvq148sEAbsAVb1N3AAAAAEIZbnuI7NzRNYAQDw6ETJgJtnaW4Dzps3McwFi0x8VnVwO7RJLNCBVBqiWNmzfu9oL42X8gbNncXuRY2lvH2rb4p2qGfmxe2Y="}
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":409,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":409,"pkt_l4_len":375,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAAGLHCRAAH8R1lPAqAJkjvq148sEAbsBd7Ag1AAAAAEIZbnuI7NzRNYAQV5mqkZpRs8e99gEnxpMKgcyM4ebNtzOcUmv1eRpS\/4Y\/mYyP1B30U9uS4NGHjyOGaFJnHQyUbtswyTwz+8uass48b1GPbmGmqQGpgZzohRjGIpGw5eZwAz\/Hue6+YW9hwAmx9m0UhFfKsxUneEQJWrND6vl7b4\/1fQnPQDJpSQzDhzIhJtH1Pbfr\/WxE+M9SYDl1quiMttOidtA3D1KovBObJj1YlosZRsCpK8jwfULuNPkMn0+JgLUu2\/2STd82m+o+3G92qTNfTHYeBX+Sz8bpdn3vD9Uzax\/wWQI6eIrKNESFD3RLvXcx4+iyLJ6EqD8eYRGEEvi4b4XufDdC9OsxQBFVDeX\/54chXjPWbYOB67nyOuSaNm7e\/7SQG5tg2Rrb8\/P35bz7qAI+r9SDAYGGzm0kMCD\/gcU\/eB9a0NUUKHN\/qxjP0dTa9I1hufPHnolkoo70d0iz7y+nNj5LA=="}
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459323000,"pkt":"eJS0JASgYDjgxTWgCABFAAT+HCVAAH8R0t\/AqAJkjvq148sEAbsE6tl4xAAAAAEIZbnuI7NzRNYANwDSMfgjq4OxpsfNKcHQ6KARDCyokxbtdp7Y\/Omp0cgQbiBRYO+svznVHOtWf7OlGIMtn2Cg\/L1EmSLhP0Fff3TR+PBjnn3xKD8J\/aXiVRElqimYQhalnslkwkFcz7HT5WSmmKu4VoyTjxT9a2r5CICxjv1e9gZGEz50cjhoD2ifxD11+2hodb962BAC\/69O1Xv7QK5dQ7pWtXXbReRv2043pozLoG5Sj2DRMO1jzwfGKVPeVvT6d3JlS+\/KFcQH3FOK7kbLNVQ3jTdxtjQcTDCM2ukPhL52VnU0pRYEcfjnjof+2lc5G708JE9V+N+aPQfwCKFa5jq2wn4OGgPZLtG2fCQr2cyH0ggy1NVhjg9Ppi7euoidj8RKLvTYQHeTxlktPUw62Wb4HvH8ZODv\/gnhARYvir4g3SQl0wed+fLy\/MMm2W9stuJOVK7y7NU6TiiV\/etQcKxr9mbJ6ZXswOYHzV7nrCnF01Wz8lBkk3myFnjIlcHxnhKms9mN9iiIbNFpeXJL0wUZdIEnFx+Ky6EgcDSAfEyoQnRRGM6QJDw0zN40CpMAyCRvB7Jyv+Bt3LirQNGyGd2dTTtojFQ1QV4fn6SGbPHH1GJ0j3V3A6qcv3\/D0XQUm9UlTMeIgfYR9WTA9lMzaoa8u854U\/EBloDQk2k\/cEdn3H4u5xBHgxiuL6pwtyLEHkPJy5lONubue6FY9Xu9UgQ506YI68R\/DDFzi0q2TNYnr4hnF6dG9Y5WaLfMuXizESHWoxemhD37Rfn6vCFR7J4ODkYWcp5CYaBU1VgcR6GmgIMd3qM\/Jfg2H\/q7qOyc9JW\/3r+LeNWzj2UHLsMUIYyaf5Ea6GNZqInTyU0bc8m0oo4A1iczFeKZySJkcrdZfH\/rfaR84LoUghhfE3e0AMP2sjdBbQCEqVv1BVJiI99xS8aoheyOzBIahfJyTcHIm7ktke0hlsEG9Is0vLG0l1ilTK4Rj2O\/lkGmeH2XTmlALT1pIzMj9geHB2pUsBIP5Y7SoqHlZjGQr92qQybpGhJHNLIv3JI1Z8mJUYsdrsS1xdH6JLFMgP3I824xWjGxx61Z1FZbLgGZSBMBdxlPVAKfvKpa6Vsc1eNW2RW6hOD99IyH+koOCha9y8yvDciPmiBC2Rr4g+XS2Eq8WTac+E98GisQXSiAXdS3+BAln09Oi4AVOx5zIXFd88Vlb0QZIGSelwYpnrLG8t58dTvE5lm61yDW1G793J6Ahb1Nhef18kf2zIcqjpCZFoWo+25ejWZ6N3PwmpBS32yQTUw137N3jXhogEcues\/cCZE2LhsPmlEp\/zblpfwU5rcVPvPYNjSYhEYNjzukfs5uhGYeYy4LI7jkGSEeOC3\/Gb+nU34gZq9xDhByquJ2L3F9DLphkTQeFxWzwwSmmjfJsutdeUVze0no0ko2PrUhTeLlKpYj8izHdG9s7aOmOtdfSXVqMsJ13XMA4+gCkfdXoMipLMY3myoeJcRzm20YUipIu6v2+vE5GcH3QL9tm+Eh1cMqanwMU3PBaaSfgg7GixdA871kdeO6y5bZU66uPVwCvSl\/hr0eU\/XX7I0CwmoKl0SRgDwU9cfA7UTJlJgscaWUggnIw56M08zUwx7UrXDpLSddDw64YEJX2dOGolI="}
01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459323000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"tls": {"version":"TLSv1.3","ja3":"06b6b2a2cba0b7deeaaa6a3d8374d627","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}}
02209{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAT+AABAADsRMwWO+rXjwKgCZAG7ywQE6jvAzwAAAAEACGW57iOzc0TWAEO2m4xezp8ws0tQPnqBuBcAojttkFh04+K\/D0raNfPH21\/7ougjUz4MIS05h2RLaXvn8cGgBek+PkNR+LsuV02sOigm8m9fvkQaUDrBSUHo\/RAmYFFj9ojgCwYHWpc\/YOgCISwnl2FS8VuECkUwwn+5IyLNVhaOMyvV+PuxSyjkklPAKDD752bd\/UT4FW16DEneoJUk1z4fKzjex9yf\/x9rUYjnNt57WbB3lyAPzjq818AeJg1x5dPNghSsy4Krqtbc+17P4GLMRqEzOsFHRo3Yz0CJ8yvts2N25zGiC4yTRPD5WxpAP5LKsqoCx8Sf3NdGliML6koQhKRuGULCooL5KZx2JXRAtOn7o432gddzY22shzzzExx1lTUZ2StIlGCEGLqUSHGaPUPvUr3gSjTWZpgLZdeuP7ebatkYth\/vYLN\/RugHV1KFnGnrwNVXft7PVEE+uA8oDt4RAFdxHxU+Ps11faAi4D1a3Oxr3SlIfFkCtZkXwPCMgWBtE+NpDc2liwzPaZrau4v4cUGT3la9K6S8cvpqGdeilTVGoHP4q7i9ZK00X1xVWn24IympqeXXb819yqhclCYHLVV6vWKfQja9c6rWFyOuXQuLtg18oeoJZUj4Pd9RB3YYbPnW7m6QNQ4BTtU6vvPNQMCWZT3rhvGXgh3y2JBLFC9EkEZK9ka7snhc6D6+LtAUXKluj9BaALlR7F7POfrvAMAaG+s1RSoj3utpkKJne9N7UMaUrc7jXpVtJJ46qBKdePNkw4mVwBAjKYsOrVZphNNom0qt+zTuewQPHtmp4phKHd\/vByh6RTtPL+CCNjmoeYFYh3+jlEtFsQ9Km8DgeX8uE3A3dE8oPkHX0\/OUK8xs+s+ZWNlaMcOOF3NDr\/0G4LztG+I8s\/3Tk5Egnnh3afdTDB39iV3m+GpSg7knwQZLwFDZ1EV5qf8wM1N59zJzLfF6M+G7kdoJsqze07I21wo5MatU8zcjRUgJyNwIXWRmuCZoSqojWo0TwVkttP86dcbg9osFtW5+\/VnjOs2x0hOJK41DomDHEwrgANjXOPa0oMps+KlVDOF27IU+3cLr7d00Lv2sMYFZHcEieykaLyoX6kpCUTcNIB7LPQzwACU5EcHDXRkPjq2ZDXxet6ASFUFEgD8pnKTKF3Rnhhh7YU8BDqjNJNULlMQsUgwBEuH+l7LlGhoOn29Jxkd8fDOZIpAO1QQIVY4SsJZjX3SH96gjQXIzIuFEboZdt\/Lm8fO\/qbJ1pc\/azHu+ohbrAAAAAQAIZbnuI7NzRNZA0DS\/CR4RVBhRhc\/EuYd6u5uR\/c8IjArXjNnib23WXM2S72ngjVoOgg3\/rihSHoUobagRlzQq5LCQUodqZJgCKHilkx\/Yg8NhlmZ+v64QpqppS8KHYZNGQAeutjG3e\/3dfbeaUc+DKSAeFGgSUu\/FlpFXKMG+G2MheEhcZNTaskGAyuryPKO53HPDO7DuQIKsn7G4sNiArnVgMIbRo7K9kDZf34JMCEKJRy4iZwL96fsm70eVgcI5fzJ\/3\/Ji7BqY4sYxRchVjH6A3lnlQo6j6KFToDnRTfRd+G2rdlNIcO39yF1Ujtebhk1YcpiS7Sk0IGLF5m2opxXtDuTv\/aEXI9haigMtp3sL0O0="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2AABAADsRN82O+rXjwKgCZAG7ywQAItXNXm+IJiWIMOQ7CKcNHT+QszcDtXkUT0taPAE="}
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459408000,"flow_dst_last_pkt_time":1642696459432000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1874,"flow_dst_tot_l4_payload_len":2674,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1642696459432000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 17/17
~~ skipped flows.............: 0
~~ total layer4 data length..: 7012 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7792749 bytes
~~ total memory freed........: 7792749 bytes
~~ total allocations/frees...: 146443/146443
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 515 chars
~~ json string max len.......: 2215 chars
~~ json string avg len.......: 1364 chars
Powered by cgit, Themed by Ted Yin.