00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679740451287612}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1400,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740451287612,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaetAANwGmP00KYeHwKgaFgG7ymlvVZVZdql7b1AQAG415gAAFgMDD+sLAA\/nAA\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\/6PU8G+iDtU3rn+bD7d3d5AQ0WHga2RFZSUS4+6wZSACw1hvY9jxBAMKhZCGI2lsyH3XsGZcqmDGaQNAesHLuc6DvGlXCziBRbNOFBP05C\/on20exh8HLy3EJ\/LZMxR89Y3ZwTAOu691hgcmW6+p0X71KlNaQIO7fGLFtbN4DanvTd4uh5guifZZf9uVE7Y\/bar80NdArcGHl+U6zztdb3TJScjZRMR153rnT1qzYEjEUWDpFzWAVWCPkDLeueyPLhUoG8Wi4cDjpqnNqH4oHo2cbTeuoG+8\/gGed9TZeQgA9QE3N7f5bmLcS7A7+s47IsJ1RrFgQIDAQABo4IDgjCCA34wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFFeL4L3PsxfrUVsE8HMc96hHy9G1MDQGA1UdEQQtMCuCEWVrZy5yaW90Z2FtZXMuY29tghZ0ZXN0LmVrZy5yaW90Z2FtZXMuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG\/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf70O7bsAAAQDAEYwRAIgZcAfjxYIGLSb7O8oj5RjpQ8KzltiTGJYuU6CKygHjkICIGg7XyVQ50yZJpsXatTr+CnOqs1Ofw9NfwN15OxsGC1WAHUANc8ZG7+xbFe\/D61MbULLu7Y="}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaexAANwGmPw0KYeHwKgaFgG7ymlvVZrRdql7b1AQAG4YEQAAJyAmUeo\/4SrvqAPDO9ZMAAABf70O7ewAAAQDAEYwRAIgbExkqx\/44d4BgvWQpdxRieBSelu86su7x8R8AGdR3CsCIDADQRj1HF0cGtcNaC1YS22cWe09BnL84k7bSvuslPfPAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF\/vQ7uDgAABAMARzBFAiEAsAO\/XUJkEUyCF1g0U+MQyf6ugkG6ZlpEvNTq+J8MobECIG4mIF3E1GfYS4up\/O+nPD3Fc6JMxp0dsgeIANHAro39MA0GCSqGSIb3DQEBCwUAA4IBAQBArYmu+AQtIEuKrCGgjIojRxWSY2o6aMd1q3E29BWJDeZO56UpuaUbOuK97nyjGup3Lr6fQa5e3qpL\/uejTwGkV4SeqDKMuM5D3q0MuOU0ekxfpXSxhGONh14TIDMQ1w0Z2\/HKDfIECyfBEfg5XhF7XcI3eKoTogXveVOzeFDgPja2UbS6HAh\/z7JYI+q3ymzgJIgWN15ksiiDFZVmRjD0VfmxNorVeBx6P86FPbnEVCiBXKe6fvuPwRCgTcjwUE377F7XetwlfTxcK\/rgSX8BPdMUonImi5ilfgK+EHj9++mKQrwbgVoka3afJB6Z6A3\/2l4WB5hZvkSD0v9l0LZHAAPJMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE\/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMG
EwDgYDVR0PAQH\/BAQDAgGGMA8GA1UdEwEB\/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe\/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR\/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CA="}
02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1334,"pkt_l4_len":1300,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUoae1AANwGmXM0KYeHwKgaFgG7ymlvVaBJdql7b1AYAG6l\/wAAMdv0unAmXZBgnrxLFwkvtMseQ2jJByfB0lz36iG5aBKcPJy\/nvyAXJtjzexHqiUnZ6A38wCCfVTXqfjpLhOjd+gfSgAEujCCBLYwggOeoAMCAQICEAx5qUSwjBGVIJJhX+JrHYMwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIxMjAwMDBaFw0yODEwMjIxMjAwMDBaMHUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNDAyBgNVBAMTK0RpZ2lDZXJ0IFNIQTIgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXU6QEUfiZphZIS2cnqpNJ0DntDLCwAIfxZyiGhYyOY9q8sUA44tP17KUFGLg9PsWZFzLsGIz68QymZCGFywcQNLBSiCsfaJvSsY8SsLPS54gfH+84d1RTX4B5Py4aqqgeSysNq7djuTW3fRS8WUvfUUrSoeIM4pCCh2qu6tdk1phV6P2vGlBsVLwR8v1K8p27fw701b6OFokSVdjAcTTu9twt7MSHJYaN2CHksE0Midw5Jhfd9teUhdgEIXCdb2\/\/XLoZ4UXLVlcofhwNQVeqt7gnu7Hk+irvISN1Gq0tm4Y1jJx3tXOt2JQt5PMMne7BTmJ+F8Bxnize8fkQKBkzAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUPdNQpdagre7zSmAKZdMh1Pj41g8wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBAJ220JCG4YYC7cWg8DQcdMGNdsyGCqjwSopC1j\/IqU2tfAit5rZQuKIaTYgHsSkh3Ofaxjwh4OMRSXCseh0BpMoROlerfVcqQH
T90x2FGFDfV0d1oX1VIC5HN1ByjH+CG9Jijy0DWtrDyKHOLFKiAGPrc7pxyEknI5dkhZ44Dq1jaDy6UoFYeaMsDN\/ebesx8rqgfGzxLNThvXeENwPOMrXImoEaSpJOO0aahf6DovmejKPMDV6zPc8EeI8UFHsynMcAplzEtaFVjVpWaKQicKo8gXHZnahFO\/Tl9qJR3cd7YuhvDHTruNr4v4cNeVCRkJsYO5FZJ\/E1KBOrJn7V93o="}
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491797221,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491797221,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz69AADUGHMYj6lXawKgaFgG7yu2QLAUB3sfhBFAQAH5vcAAAFgMDAEQCAABAAwOxF7gbpj70K78wMBPdC8r2W9WGuIgW2nJET1dOR1JEAQDALwAAGAAjAAD\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\/Tx1Xm\/\/F89sBLkLVAAnNp0A41JDBZNlQ0FgNZ9bfIFKgBIoqFS86xIvDH\/cCgfcYGOLmnJ451BIX6mv0\/UzE9hmuR2kZRaj8VL9FWFfDbkgrStkFx7iF0oJe41BDa2fIR+H5M2w3pI1KREu4YcumW6Qf15XsohNPoF4XkpRDUVFR3lC5wIDAQABo4IEPzCCBDswDgYDVR0PAQH\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"}
01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491797221,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491797221,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","negotiated_alpn":"h2"}}}
02196{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1679740491798367,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491798367,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7BAADUGHMUj6lXawKgaFgG7yu2QLAnZ3sfhBFAYAH4+KQAAYW8xLmNybDBNBgNVHREERjBEgg5lbWJlZC5yZ3B1Yi5pb4IOc2l0ZXMucmdwdWIuaW+CECouZW1iZWQucmdwdWIuaW+CECouc2l0ZXMucmdwdWIuaW8wHQYDVR0OBBYEFNi\/Zo25RrqdYAn7F3LOdzuAH985MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp\/mZ0xaOnQAAAGE80uzXQAABAMASDBGAiEA\/KWALWJaBKfJfTs2hCTl69GRywkBUiWWO9poPmeOEz4CIQDbPrGG\/X6EUzdWXtZU25gwm6nScqYFBO9aCY0DWX6pHQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABhPNLsLUAAAQDAEcwRQIhAKyYfeMd42iteKuKlyYsiyFPhscnScBDBDTC+uxP+oQtAiBdK\/uE3\/bWDEK41+xRTXMFj+tKH63iUt9eQaSFKgW1gwB2AHPZnokbTJZ4oCB9R53mssYc0FFecRkqjGuAEHrBd3K1AAABhPNLsOwAAAQDAEcwRQIgJcx4gLT+qs6j0\/JU2XppE4e0W\/pyFMXqlbdfJ0KTs8UCIQCh3Es1iAdT4eeouWKmfINjzzbJUgZ8Xxt45by1OtqOszANBgkqhkiG9w0BAQsFAAOCAQEApt6YyF0RDD3LCk4lXrYvjGjcrofeF0QRAH4oinPJ4NmjpUGeAMRapGJtNFYjF9J5dpzFky85cljVbDXsmZpyxnNARuqhsGvBSBiq2uwVg8vO3b8nOsG3j\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\/TFePu2Uo9i8aLOXvM2tB9SVVc0zT2rqdhqON\/Auc3mqmhrclLIVfA9McFIlsmprKU2qOz447gofNfrafc++q6dYq4zTIeaP83idIdymoOc0BvbHyOye4oS50xWwK4zWSEQ=="}
02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAUAz7FAADUGHMQj6lXawKgaFgG7yu2QLA6x3sfhBFAQAH6dXQAAaZnszOnuGa18jh\/9epnGmEYL5BV119LNVo5luWshvG\/kifk9mHjtkA8LzVdsOkvCrmHBpzpDo4qyPk2lDypq04IU48JUqhFrG4kvlPz+VO7sse0uxYXj81FdNb2qoJnvAjqV+Zj4Nii8PIcuNGqghDjzrs2PW\/gEhkaWDikhhSY7DjOLiQIDAQABo4ICjjCCAoowEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwgYkGCCsGAQUFBwEBBH0wezAwBggrBgEFBQcwAYYkaHR0cDovL2NvbW1lcmNpYWwub2NzcC5pZGVudHJ1c3QuY29tMEcGCCsGAQUFBzAChjtodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL2NvbW1lcmNpYWxyb290Y2ExLnA3YzAfBgNVHSMEGDAWgBTtRBnA0\/AGi+6ke75C5yZUyI42djCCASsGA1UdIASCASIwggEeMIIBGgYEVR0gADCCARAwSgYIKwYBBQUHAgEWPmh0dHBzOi8vc2VjdXJlLmlkZW50cnVzdC5jb20vY2VydGlmaWNhdGVzL3BvbGljeS90cy9pbmRleC5odG1sMIHBBggrBgEFBQcCAjCBtAyBsVRoaXMgVHJ1c3RJRCBTZXJ2ZXIgQ2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCBJZGVuVHJ1c3QncyBUcnVzdElEIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL3NlY3VyZS5pZGVudHJ1c3QuY29tL2NlcnRpZmljYXRlcy9wb2xpY3kvdHMvaW5kZXguaHRtbDBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL2NybC9jb21tZXJjaWFscm9vdGNhMS5jcmwwHQYDVR0OBBYEFIm4m7ae7fuwxr0N7GdOPKOSnS35MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAdMrY9RYwNyVgzeOqqcbdIxy5gHRQFbh3RTuIi0fsnbEh3v7BN+I3zmXJq71gyLOzG9wvqCulXtLQNAZnrlSacXichYDV5zdcnbBrFH\/CXt47oW4L+9yD5LPMKaSU5DP9DEu88ws+QAjzL6\/q+hP+CLQh0\/vr62HoEGS1+NyLfnJIN0RVcVDxBAwVqNF8MU5An98ZmHj4XaSPA6s2s+3794ULe6r2TzVXiLtun0JJ0kBZL3Mx0plhONvhq7jCsa6bYCF71DNs7VhrNUh+BZNdQvLqAdfQJtFY5EiWpExhiPC\/ZdtVYN5RfrOMCWgBbjnl5e2n5WYa7LM4HR+z7U+6JCBqaRjlbaNNLed\/qg+OMdpBJe16qJ
JT9E5Uzdc4PsUbL2a+9IUbuxx8nmrbQswe8p4yvcy9RLje07a4Y09otZ\/Aai3Gijup67jTCez1hd7VYIAuznqPos6SLponh2vVcHu9vQoT18OCL9janJ2Ilh3lJHUxv1kHD9IxZNpn0j\/QPzGFv2EzUXZVAECEQLS80qWh6zCXhXl6dVAeM84sSysIiY4Kv8oaXA=="}
01073{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"thread_ts_usec":1679740491800062,"pkt":"rBWiWIrRJhEKmxQ6CABFAAG6z7JAADUGIAkj6lXawKgaFgG7yu2QLBOJ3sfhBFAYAH4d+AAAQXkC3KDQtxS4HojCCDcr9BRjdC6yeOsNyAZHKhafRm3neZ4wKLcLSGhD4WtDfMXj\/vC3EqcYYEfmEoFTbczZesoRkvlGYZmJ2lY\/pkFu8SzYypIPvNwW9hYDAwEsDAABKAMAHSC0MXhZC1eR2qDSDBY8B01l+mdFSJcUUl10IHfhF\/8kEAgEAQAQUdC8\/U4nys3JUQGs8TxvFSJbStpIbrbU939RaECvS5n4IOPPX8nXRI2EMqABJ0IvFCQCxap8M31MXwU+ZJcb\/1IT9BJWzj1\/lQ5QWXimUiht6Gz8LdTtX4wAZ6M+YO3i+BWuK\/wTi7nhnL51Nxe8wCQWUPSDZ5VF0L5CiEmhjQ0AX\/4WG73GQQiE6MxIIMYVG7QvLpEsbtZo7DxUCLHKxpyaoG0A+2IZBv3huGFCw\/2bzTlQN3xJ7H82KHHVTiHI9+OC\/xlUCBLzaufql4+bUEJXgTP9rJIztltFGS3VRf7ioZwc+TNQHLqT9s8yvEK5qapHXkXGRLkY+O\/ULLmeFgMDAAQOAAAA"}
01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.RiotGames","proto_id":"91.302","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"","tls": {"version":"TLSv1.2","server_names":"embed.rgpub.io,sites.rgpub.io,*.embed.rgpub.io,*.sites.rgpub.io","notafter":"2024-01-07 19:51:14","ja3":"","ja3s":"827b71c134bd28975c2d605a06ef00ef","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1","subjectDN":"CN=embed.rgpub.io, O=Riot Games Inc, L=Los Angeles, ST=California, C=US","negotiated_alpn":"h2","fingerprint":"CE:85:16:DF:E3:42:05:16:39:97:1F:6B:7A:53:22:22:C8:DD:66:44"}}}
01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1679740491800062}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7/7
~~ skipped flows.............: 0
~~ total layer4 data length..: 8202 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11499109 bytes
~~ total memory freed........: 11499109 bytes
~~ total allocations/frees...: 216657/216657
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 567 chars
~~ json string max len.......: 2417 chars
~~ json string avg len.......: 1491 chars