aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/quic_sh.pcap.out
blob: b724a5fa069962e18b24133de760f9d6d1d04325 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

00612{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00833{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1723407275497185}
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407275497185,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1723407275497185,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":105,"pkt_l4_len":51,"thread_ts_usec":1723407275497185,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADMRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwAz6z5TAd\/A\/mLGQHc83s7+AcZFeK6BRmC2KEO3r5UQVK7k8OWoUS6c\/hTxJk4v"}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1723407275497268,"flow_dst_last_pkt_time":1723407275497185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_usec":1723407275497268,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADcRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwA360JPAd\/A\/mLGQHc83s7+AcZFeK6BRmBEshJIK73Nlb3xL\/55Wvb3pDve6sYe6dpI9A=="}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1723407275497268,"flow_dst_last_pkt_time":1723407275512112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1723407275512112,"pkt":"NObXAhsnILAB4IZiht1gCbgfACQRNyYGRwAABwAAAAAAAKKfmAQgAQsHCj3BEpG3uX4G4vrYAbuSpgAkXwNA0kb7O4RCnK+VeET\/70cW2aZXb4T2z2CMoJpq"}
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1723407275497268,"flow_dst_last_pkt_time":1723407275516636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":177,"pkt_l4_len":123,"thread_ts_usec":1723407275516636,"pkt":"NObXAhsnILAB4IZiht1gCbgfAHsRNyYGRwAABwAAAAAAAKKfmAQgAQsHCj3BEpG3uX4G4vrYAbuSpgB7Kl9EbAQvTxIwb39GlroUaRyFNQ7tYE\/\/\/QSOH715\/piUKvtt75G3kM4K74UsdSDVxoxp6UvssAyuO6di2a+2AEJkOLEPcr63r3CGxVvilfYxWZivFM9T6nUgrU4NAVsviv8IhuUG5aju4BKLDJXsPZNWbLuy"}
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1723407275517299,"flow_dst_last_pkt_time":1723407275516636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":105,"pkt_l4_len":51,"thread_ts_usec":1723407275517299,"pkt":"ILAB4IZiNObXAhsnht1gBL+AADMRQCABCwcKPcESkbe5fgbi+tgmBkcAAAcAAAAAAACin5gEkqYBuwAz6z5FAd\/A\/mLGQHc83s7+AcZFeK6BRmDS6\/8eTCeAArksqgPEkD2wiktrE893"}
01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275517299,"flow_dst_last_pkt_time":1723407275516636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1723407275517299,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723407281575531,"flow_src_last_pkt_time":1723407281575531,"flow_dst_last_pkt_time":1723407281575531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407281575531,"l3_proto":"ip6","src_ip":"2a00:1450:4002:411::200e","dst_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","src_port":443,"dst_port":33144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1723407281575531,"flow_dst_last_pkt_time":1723407281575531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1723407281575531,"pkt":"NObXAhsnILAB4IZiht1oAAAABNYROyoAFFBAAgQRAAAAAAAAIA4gAQsHCj3BEpG3uX4G4vrYAbuBeATWifhN+N9i1EPatItiRXTOx7Yuc\/DX1Qim+PuaELYwdZVlYMztteg7qU1a94hy2S8L6mnlDtyYb7cU8FsgTSaDcJP5FRKCBB0aC+Ly+m0AmP2c204ViiQXwj6cW04RIrbiSMjCwBJzcxbqvxBo2pT8hr73vyphWUhRYPFcEv+NyZ0ZJoiYPEiN37uGGDXYWtJxWuwsmtCXA3EviQyp0lCmF+PyNaBY+aIymmo9eh5UeHFsRGKyhc7y+uvSmhS4H+aIsqyE+adKwDLSkcyynQeTwW6pInfsMmr0aZAi2C44vNmd\/2BjU7lhjUMe0xVoBcVCxZvQrKUFtHAss9778ubIO83JUYBktNvczwUMHelKQCopfH6+jiwgfNwn1BK\/0GgG+gtjZeqr1e3qcx3KY9pOfS6KgYgJG9aapC5gtdkJ3oKWQZAu+VMz9ceE9vdeP4pvyVbS\/12RaAljC2rA3q2RW2Ax1IIXZ7qYP44qYUE1a4AYxi9tV5Jc6JGVenkTcoagn+0OPsQ2No++0Ti3r35NNtuc0YP9cE3rRZnoPhT3zWJBbF0aXv66AXQ8z7Mj6GXKhSCS4pBSlqyp5VkI255zXO+UXBPAqDokMdGNITnMU8YY1LWIKk4yUJ2iEG23F7syemvFlB2NrSu1JPLCfdaebsIBiRzJEJ824A\/floI84sDDQ1++iRQ9wXH4+Ks3laaVHU+l\/jI0JwYCjDo4io\/X59U2vN6hgZVkfni8v5VLTfWgQjw5RYG0T2Pd\/hS16CmF\/4W+7fB9yrJH2tisCCkcH4Evn5YB5et5hjIR+PvdN6r5\/g7sRxHmBjFvxt6I2g8pOljIH6U+7R1ZUAImNax80Wx9v3m4eHF0SxToAnnSFIUJJl35+TGFExHwd5hgym3Ohrt2tCbFoPg9VbeCg8181kUxyY40AgOoPbXcj72HI8WIuzXZVyrTgtvHuYXcnTm5+tier8xhsPB4+rA5o92N1eExDXgF0u+Lc9HPVa6NCQ7AtzSuQ\/qRrPgITQ2p8\/ATRSp1L3DwxdnRAxMC\/n7hBX3W2\/bRMtaPs1fNjGSDsQBsDbQj16Q1EnrTR+09ijeVfrtZFVqv4W9zx0IJgGhEwlOJbn491zj9SyOIokb5eZ7I1sJmRGWFPKOSwglP+vSH50Hv3VP0uqlBaI7EhOgd623jJnpHErQpEcp3aQ65RYX16m+fybukEHbwYwEAuTupcc8s+7Vs\/7bhWvEico7yvDdcb7EjVQ7L6X1GMjfpXygXFz\/X\/jLwXw8v1EP+IE8QISGoWz9BJ06FSyAkDZiRaRBMdGP\/ES\/rmcJtuFGTHiM20\/J4qfpC5z5vME6hTS6hHDfLyB+rxeK44tuyQ6aA\/z\/nm+jTHqTa2\/TPKczxiwVKygmAdJp0JgpbcKzefhiTEI1xbt03S\/qbWWII7kL+Rl0yIJuLict02xlpFABVHKmgnLRzA3DaIwi8qukbejO\/b7R06BoP6aWAvsg29Ilf9K5eZiFAJ0OL\/xOpgniucvCu7OdJlovBgxdhl9bLCdSnsFkFNnmwf15AJ\/pWePzYirNK0OZhSRFO5qRCHwOv+SS8KEBv1velPzxA4DKB4xAeZGUAhklL7uKzJVOQZlxtmq34v3b5zNL5g6PsnkyRIoU="}
02203{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281575531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1723407281577293,"pkt":"NObXAhsnILAB4IZiht1oAAAABNYROyoAFFBAAgQRAAAAAAAAIA4gAQsHCj3BEpG3uX4G4vrYAbuBeATWjGNPHZ6F0CXPId30dz43EObYyF6d7zgYYnPiIg63NEa\/sBD3h1Y+mKUy9rY0G59EiE7dZA9YTm1vr6pWqXYEu\/1qKu8YmWjP5navsvm4ZAvtPMUJDzEK\/9w8wR9BazJkfbFD7kHbfMEK6wlQOJ60wKcW\/2nBOtsVtL5Rw6BfB7q2SR00odAPUYvQwZ4Kopm3RRh9CjeGFfi3UGtFQBeW\/94vHpDtIeFa8S8qrNv6xP5ledLeFgQaJZMvhWI97WpQApDv+7iNK8ZMuswBZuwdwsKPqDT1vEk59dTtoq24HkipROZ5eCbyDSXN8FexgowK4RU8d1OROG+nkYq58FcR2vq2D+TSgjjiceMVVmJkgXiaNwDrQ1uiwD9Y098cFgnx3ow9OvIFQGFuaD+4o1x3wu08kB5g5WwDBcfJwqiDvIxxAfsxw8QO6wUW+H9Ee94f8En3W6XgQ5AVXed4psx6NbqTImRuRL4\/bPbx7Ms8r9+P3cLYKae9LE8EKIi83OlgGwEVn9RlssHLMcYymn+8dkbL0xTwb9sRVOPvgTlOU54QS2eGuwmPZ55DyJWDDunE2gYjAZ8X9NpS13HDII\/fP3pC8ouOC8oesVWEwCWCpHLACZxu8TdJTVMktYVvtrLMf18BBD1qVnzX4T2bu3Mz2athAQTnlUdr8vR5VWO6n5QTx\/+s4oMn8+6svOAvnCsjATjm4wfFjTyYOf95sQCGc89RoZl1ET9wPof\/1sBxAiYHysu6mPsbWtmZTTgXvUWi59wku2CyeWDfiOVbmr3jJuFBd74xGhb7I0xuw\/ifje+h0v7I259rdsWIe51R2+a709FJGlc5SRs34cZ8ivrs4RnJeEELRih\/bFrRX\/YeSvA2GeBApgA6Nev1YR2JSev0OJPTnUbPwnRCyVZuyCI86igIqdIwgvyZq5+VXk+dZ39qjS4ITzOC7xm7Srd+aNhbi3wf6eT0jDXAuj6DRw6FK60\/sOWrqxqU5R2n2dr4oWHoyBLqOXd+gBUpAteOcy1Z6I5F+LWloD+c3pYeqZgSLpKjGaUqdpGvVAg7rcqQpmXrfu4iKWzr+wuTLqL2aixdydJWN1zmTEb3z6IEir35gAN7l8PeJ4l1K792D1N+Vv4e5vWsXCgMk\/4L+nXzYy4GJsmMzH2tahHxzCJFr\/n5HgFstuCQyku6w9KuJfVqGU5c7Mp8lYS4w0mj2p5wxtuyIswbnbF62GbDndPO25PMTiUA3gepz2SeqEbIchENp17JZp9XMYD2\/pGCHDhC6anFfUAbdHjJyptnSsojW0f1sYbDpNC3oMwtWSV5RVewmOdNy3Ki149+Mek8HPk6OtdZ59K5+cyMc+1o8qYvIrfCGrPKM0Yswy91+uu3bGY43HZLj0dpXhVDW2SfuJJ8sjF+WDQ++MdkpUTtxAQySMRQLnx171VS2r7g4V4PVYjH8dN7cCRBM7PZx3tSY3LxqFoVU8tZ96F1EAz0l8daehzJicb7oeXW+ztgV8mclkWHkf8cE0caUn8vDdcWuss64FLpxbub0XonSopcxRTEtCP+WITqZeOQFTSJrtBC3VQVOAM0YjlBK7IPHXuxN\/4JezU9vZ1wy\/rsvWH\/hMzhOFynHB\/vxgF8JATF5NM+QlcV3NI="}
02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281575531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1723407281577293,"pkt":"NObXAhsnILAB4IZiht1oAAAABNYROyoAFFBAAgQRAAAAAAAAIA4gAQsHCj3BEpG3uX4G4vrYAbuBeATWSt5DYMg1kSVbe9m6ZF8YsqJoE85Tp58DFrXU\/jSwswwRYDCTiIIKt5caa+iuPf3J\/MR3Agf85zAE7Uvw6C95C6L5QZ9QKORe9RyFIx+xFSTnUnZh3tGw\/DJpn\/0J2xDpVShkrg3QwXnPUxkF8nIk9TOeilMI\/maJQF4ZlhVJ7kHb4TOZUPOEKSTf455YWKuRKV0iM8XA0va6C0\/MfT71\/4iFkbEr+q9domQ71wJqFJfzgebn5PmpDUX5HpUdO4pJ+SCdYV0fzFFFXMIP8zpVK2kXkv\/xnHu\/ZyeGEygyk4kgp3rgvGoJl4gbaLxz+mMsWNYzN1cAJAzlrvvq70VuB7stiVRKPGS\/Y8NPmvgQ1HkFQJAHGo7RvJyEhN2buRR80KZGsXdsahuj6ls1+RQIx6GAYEfXOHBE3JWNL5XpknCDsCQx9ZmfnawKQP92mrntr4wSaLS5YASnDGjcH1wyrywWBLwZ\/e9xUtwUOR6EwmGrrS+Ew\/AhtfGoGXjxA3jpZH9oKW73M3Z\/qqnzlQcxEpqPEraRih23U01zoBATaxnU7fIf\/15OStT0iSEKyGVlIprXYE1Y4hxFS6jf3f4zxksEazYQPvfQzafc5IUdl9VCV+\/+9LBWsGEcDLBFTQlhKyLNDbKga5YDS5K19KFXDpJAyOjkFYAHUfw0gziGO+HLlZQngnaYJBJgsxb0PZWrnYeRxMei9elnQehnL7oWvgs34THNz9lMH98HrnUGCa5jNwBGN4we+ILycwFxFCAjO\/mDsuapMF+yNpfvfq\/XnANnVya0FdTADQg\/Qk3iqCH6hhgAt0J7+rBb8QahAzuRg0F+wRw8lZ6cWuGQwuu2coIokV8K3lg0WD7a9aFw9HXA47fGMkmK9JmNQTZ2khbHU6uuXdyT6JiSX1qxWGr0z3aexNhGhL5HDo\/derWIyOz+NPk8m2syo8RAPtfnwnfB+t9x01WdILIEz+lauY8T5ge4wA4KDfNMhR9WB4GZr5BD6h5\/URic0XpDrHaN6gI\/WppKxG8NSJVXS1i2ChY88xZv7T+v4ATlks5XNdx5HhSKuSCjQ4tRn6pZyWLUIN+1Kqidt9vBwwKnCDFuLC1X1K2VJpWU12KERmHzybfCIcAroRMV\/lqYjIVh3zjMQPAPF+4UNd83WcVKT4wAO8WuVYuBB+foutmrbuGDnDIMQiitcWbk0\/JV9tVrkBqDI9MFCVOAeIDnmxrOinHvU9NtaNlSWTML\/I00Jg1PWt8z2ZK5kR4mPWfVkxXpaHQ4BipZ\/vcR\/T4kbkIpx2Yjqw7DDh8anBRetlTWuugKvhriVNm2K7t0KHtVxw8JVHbrkf6nXn+uoRTuPTqC56TPAKYDmizVDs00TRxgLeSjez07ESIH6whtAEA8v4D1FVq08ZejR3lDJ5EHdnFi52aAhH2gJVcN8BDT2Zh4Koala\/ItDvwddogutrNM1YVSBOHbBCRPckypswWmLx5kJ\/isVyanwiZpQgN778ZtxeQXawWJkdJxWAq7VJye9SXRrcYONn\/nnpVkLC089ogand2lJdUA\/dZx\/UgkJpanedgiwL2bNvFK6awIy7Eqw40lPxELYWgrio8nkorowkZO++WtLXBTCcMQiHuFx+I6jLRAYxgljyc="}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281600371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_usec":1723407281600371,"pkt":"ILAB4IZiNObXAhsnht1gBK7EAC0RQCABCwcKPcESkbe5fgbi+tgqABRQQAIEEQAAAAAAACAOgXgBuwAt5fhX4onnXuLM2jhNYNsWwJBqRJdL6HIOsuybnSc3nZhFgOLP3PH0"}
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281600797,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":104,"pkt_l4_len":50,"thread_ts_usec":1723407281600797,"pkt":"ILAB4IZiNObXAhsnht1gBK7EADIRQCABCwcKPcESkbe5fgbi+tgqABRQQAIEEQAAAAAAACAOgXgBuwAy5f1A4onnXuLM2jhlF1xdUcKTxa2zo5HPQCsMvH9VMmp3qbJIwUWk0fqsI4A="}
01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1723407281575531,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281600916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":3690,"flow_dst_tot_l4_payload_len":116,"midstream":0,"thread_ts_usec":1723407281600916,"l3_proto":"ip6","src_ip":"2a00:1450:4002:411::200e","dst_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","src_port":443,"dst_port":33144,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505786,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407282505786,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1723407282505786,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505786,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhFAAEARNODAqAH1DeKvNZ3YAbsAM3\/5QRByBAInLtDojrU+kNAtT6ZtHczcxoDjBE8YUW+ixvB05Z93YizAOHyBJg=="}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1723407282505833,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505833,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhJAAEARNN\/AqAH1DeKvNZ3YAbsAM3\/5QxByBAInLtDojrU+kNAtT6ZtHczc+drSetCPqLTs8dsFTmGwR+hg38RhKw=="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1723407282505890,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505890,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhNAAEARNN7AqAH1DeKvNZ3YAbsAM3\/5QxByBAInLtDojrU+kNAtT6ZtHczc52j34dVf9KFE4PqBJ3kYChjDc4bVDA=="}
01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505890,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1723407282505890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282505786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1723407282505938,"pkt":"ILAB4IZiNObXAhsnCABFAABHhhRAAEARNN3AqAH1DeKvNZ3YAbsAM3\/5QRByBAInLtDojrU+kNAtT6ZtHczcq2e\/tGvEDsWX4BoBYg5lpNVH8Hjusg=="}
02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"thread_ts_usec":1723407282507442,"pkt":"NObXAhsnILAB4IZiCABFAAXIAABAAPYR\/28N4q81wKgB9QG7ndgFtMjBTrWeMH5tzY4G5cqlbIL+SuXSLPDDvV\/sJ63EHnFPc3Blq\/U\/k6ibODyPuriDAJ3MG5bbpZ5lH6jbD38V8o148egWFkx3XxH+Gt1rxmyEFvbOCKiDlz1heTqhe5laV5p\/6WCi0R2RfXNr5SkdtcD5YvxsjuqVZAnz5Mfkgk++yyHzcrtNhHvLSsZaJBugv0N3tsLKL+MyMC804rzBSdxp\/5EvRma8cBv4kVQpoFa051f8wvIfqmLM5O7D3gAOeRvH8SqEHTionLuPy7MNBaepuoiQC10MjoergVzRqagdB31kzp8wpkj\/xUiinvvzzV36xvV8L9hQUvDBbKiO4Aa4p5dCUexU2t0qlPK2MUkAOLUnfnTY8deG7ZRMzwDCYiSLiMBoRfWWqIr9SLkPvu6Iy0ZYENbbwIYXegS2waP1JJ6KDoE3NaU1Y8sSYxJqYuS2cOOc0rmpJL6iM4vUO9Nxa5cV6yuXVC3cVIayys3eKGkG30LZ0k0Slv7P92t\/Mq84zZ64POEuvR8z4bBl9Nm1z70a7AENIwZdB5FKRD\/sEOzwFjqi3Mw74PwNgc25OBZHEvdiZzuzkDTM\/gDa1ZS30Wta+M8gU4GqqUTVvYBa+da1mg\/R0gn6E0KhQSgT9qpBtJo1yAomGbdytZ\/aikS6R6ZfL3pCvwn3ox8fHw1hg\/OGjipDC8PiGCfF4bhq7dz0QCuvplm1uQecmbIXUuY9jgTCRsp4NQqeHphWfpfNbF8hdbqqszojgJ\/8F9INFac27lQNndSskNaiEfBDVlEmYSKupEBK50kPd5UwdMBPeeSurUW2C3rhzu3TIUgWJS3ZG0fZcijTvtmuoY\/JNZsXPqQlZHhhdRKwrDG3X1JTjnpc\/bNwd6+eBv8\/4li\/JyrlDgAZZrp0m72su8CAvzQdvr5FdljW4JXsVnJVhX4x3kqCJR706ARX2I9khVJpuEop8cpuoJ4KIhHlR8QSFlmQm6vKsoP5Xw0Erj84XSQIvjX5mCWfTxeh2o1z4BuuecK4vqWQJntCeaDoUb2Max+ODtk0jw+a79CgyDwyJXpJEKRzpV73cC\/pPGJXImgIQYmC1PWv6eoUi7MoPlGQm2Db7lq1r4s0UM1JkK07VpXeJcKKmriXGAnhLKOpQETjlsj\/vjbcVRW1R0zTzbT9TwdzjrNmN+mr\/28NeToL8ocb9gMMUmz3lFA2J30axDBn4xfAc7MIBEpfJ9wQjZJuLccJxlxEOmWwi8FXpjNoUflPVugjgj8HYvr8JBwhiqwm+MIALOlkq\/AuQyu3+RrMua619SbjyqNQ53ewLZO7FrDch+YC4pM5PkZRwNvqqkLYl4sKLCEL6i0vsuP\/5amRZA0wMNuAZ5itGaE0h2aE0mx9Ko240+o7CTNmZMay1n9+MIz0cL7fADYg\/vEASmonMIcqITQT1fgZHqXXmLotXMXEgMfw6vSFF467rqdSO2cxPpE4zxcX7h4aOPG1qkuSqeqVBR\/JH1dNa3HYiOJjDlipIjvucSYxOlH02lgf\/gTPS29slS6SH6eaAF\/jqofkxXpnzVHVHYB4hI8Ut8cUVaiYesn2zZhZs335ns7Sq3TwZoBcSWNwdt0jsizIeUvQNw4rubJxBwjeyNN2qQpokAUDcm1FBYqRdjUpoC9dTBqMoQkuvTt130JJU+o0yvFqpo80O8DRA0Q5vBOWKdqclGpHowOPago27l6vOltEhPOUALfmY\/yH9dH1yScYEQ3bHMCJXQZNdRQ6k6UXYXlX1vmhGXgIIvwfh5ib+8UtiL8APZBcvTJ8d8jXP3ZZCOy\/\/7yu+C4VYlZV\/5YsClafCFemROLXV4I4P1hxVJ48EUQJ1js0gv3A3UUhczsXhyNIPYnjEh6h\/\/u1fCvR\/1dCsQG\/g58ELsGp8FBndnvikH4+XZjB3U0sJGXXAJBVbDML"}
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1723407282505786,"flow_src_last_pkt_time":1723407282505938,"flow_dst_last_pkt_time":1723407282507442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":4356,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"13.226.175.53","src_port":40408,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1723407281575531,"flow_src_last_pkt_time":1723407281577293,"flow_dst_last_pkt_time":1723407281601021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":3690,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2a00:1450:4002:411::200e","dst_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","src_port":443,"dst_port":33144,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":15,"flow_first_seen":1723407275497185,"flow_src_last_pkt_time":1723407275605171,"flow_dst_last_pkt_time":1723407275604060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":12143,"midstream":0,"thread_ts_usec":1723407282507442,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:91b7:b97e:6e2:fad8","dst_ip":"2606:4700:7::a29f:9804","src_port":37542,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_sh.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":38,"packets-processed":38,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":20895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1723407282507442}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/38
~~ skipped flows.............: 0
~~ total layer4 data length..: 20895 bytes
~~ total detected protocols..: 3
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8428459 bytes
~~ total memory freed........: 8428459 bytes
~~ total allocations/frees...: 144794/144794
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 574 chars
~~ json message max len.......: 2490 chars
~~ json message avg len.......: 1527 chars
Powered by cgit, Themed by Ted Yin.