1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
00611{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00832{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1569051245838268}
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051245838268,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","domainame":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247593701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247593701,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247593701,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1569051247593701,"pkt":"xiwDYGpkxGGLNYKpCABFAABHd8wAAP8RvnbAqAIRwKgCAe15ADUAM\/YJyvgBAAABAAAAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247593701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247593701,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e673.dsce9.akamaiedge.net","domainame":"e673.dsce9.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247594090,"flow_dst_last_pkt_time":1569051247594090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247594090,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247594090,"flow_dst_last_pkt_time":1569051247594090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051247594090,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"}
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247599529,"flow_dst_last_pkt_time":1569051247599529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247599529,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247599529,"flow_dst_last_pkt_time":1569051247599529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051247599529,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN66AbtonqfVAAAAALAC\/\/\/ZywAAAgQFtAEDAwcBAQgKKFVR7gAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247600467,"flow_dst_last_pkt_time":1569051247600467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247600467,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247600467,"flow_dst_last_pkt_time":1569051247600467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051247600467,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd67AbuyrbdxAAAAALAC\/\/+b2AAAAgQFtAEDAwcBAQgKKFVR7wAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247601573,"flow_dst_last_pkt_time":1569051247601573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247601573,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247601573,"flow_dst_last_pkt_time":1569051247601573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051247601573,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd68AbvGwW2DAAAAALAC\/\/\/RsAAAAgQFtAEDAwcBAQgKKFVR8AAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247603797,"flow_dst_last_pkt_time":1569051247603797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247603797,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1569051247603797,"flow_dst_last_pkt_time":1569051247603797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051247603797,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1569051247630078,"pkt":"xGGLNYKpxiwDYGpkCABFAABXR+wAAEARrUfAqAIBwKgCEQA17XkAQwp5yviBgAABAAEAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA8ABBc5GBA="}
01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1569051247630078,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e673.dsce9.akamaiedge.net","domainame":"e673.dsce9.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["23.57.24.16,ttl=15"]}}}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247599529,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247643687,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247645554,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247645554,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"}
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247645675,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN66AbtonqfW4PlKjIAYBAt1eQAAAQEICihVUhuWTinBFgMBAgABAAH8AwORcncPsZ5qIVMCFuWgfAh6It7r+HS2ZZg+ldmkQzu5TCBZnL8ZiCuWJmLRaxcsIL0Nu9GPkgNG7xXFvEs6oR8pMAA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgWo6on7tfmVX9S3E+N7mNvysCblDKK8M25vsu0sA3gR4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247643687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247645675,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247689292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247689292,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0iWYAADQGC1wXORgQwKgCEQG73rrg+UqMaJ6p24AQAOsqrAAAAQEICpZOKe8oVVIb"}
01265{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247645675,"flow_dst_last_pkt_time":1569051247690070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247690070,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247594090,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247704415,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247706588,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247706588,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051247706645,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGY7fAqAIRIuHwrcBKAbtArcPV+38n64AYCBZZNQAAAQEICihVTfNkFVboFgMBAMABAAC8AwNdhdJvuXs\/d642PJRF7UI\/AdVwXtSGkzdnBwsA+gkrIgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
01316{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247704415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247706645,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247600467,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247709413,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247711067,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247711067,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"}
01237{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247711181,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd67AbuyrbdySxC+24AYBAsbUQAAAQEICihVUlpkFVbqFgMBAgABAAH8AwNvt088oc+wJ\/keps9Nd59wAmt0exXgkmLypgOxJ3yQxCADkYPnm5qJAc81bPMGd68mU3RC86F4komLht8jFwvJuwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgDvSu5WvgGSyqdaiHWcjph88Rx8PSoGix+VWVEEqv9GkALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247709413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247711181,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247603797,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714648,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1569051247601573,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051247714775,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716291,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716291,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"}
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716407,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd69Abtt2McQZ\/eo7IAYBAtWzgAAAQEICihVUl9kFVbrFgMBAgABAAH8AwNt7hXbpLjXMRR\/bxdtzkjvB4xS1PwDQ6PxbRaUrO0qwSDVSMeS43dgzqJuDX9Nz7D77w9PJu+JEAZF32iZkikHGQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAggkVxJnNxvx7yRJ3IWr6\/bePVPj3hLoE6hEcrUhAYuEMALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247714648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716407,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1569051247716684,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247716684,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051247716836,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd68AbvGwW2ECR79gIAYBAtCawAAAQEICihVUl9kFVbrFgMBAgABAAH8AwMC\/iq\/29\/bfQmL3NywRdaHPxawxpN\/gjq67bcZmEul+iC0YvLniq6GFUwRgLKNIv\/K1BW3lLi2Y9hIO9HhpF3gJwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg4ti0IjmHHcY34Qh7EHKKwWM8SOIvozUrzGlVTZfDoB4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01257{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247714775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051247716836,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247791544,"flow_dst_last_pkt_time":1569051247792234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":893,"flow_dst_tot_l4_payload_len":10648,"midstream":0,"thread_ts_usec":1569051247792234,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":12410.3,"max":52274,"stddev":19984.8,"var":399390400.0,"ent":3.2,"data": [44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7]},"pktlen": {"min":52,"avg":413.3,"max":1492,"stddev":522.5,"var":272968.6,"ent":4.0,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413]},"bins": {"c_to_s": [10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1],"entropies": [4.496222496,5.260978699,5.115703106,4.449790955,5.154164791,7.842132568,7.877580166,7.812294483,7.873640060,5.077241421,5.115703106,5.032077789,7.623220921,5.154164791,6.284255981,5.843806267,5.875387192,5.767893314,6.860127449,7.271677971,7.350573063,5.115703106,6.393777370,5.115703106,5.062724113,5.024262428,5.038779736,5.628359795,7.828307152,7.836736202,7.865890980,7.503857136]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247816804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247816804,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cO8AAO0Ghowi4fCtwKgCEQG7wEr7fyfrQK3EmoAQAG6D7AAAAQEICmQVVwQoVU3z"}
01376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247818667,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01765{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051247706645,"flow_dst_last_pkt_time":1569051247818679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051247818679,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247820470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247820470,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06d0AAO0GDZ4i4fCtwKgCEQG73rtLEL7bsq25d4AQAG4TtAAAAQEICmQVVwYoVVJa"}
01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247822394,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051247711181,"flow_dst_last_pkt_time":1569051247822421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247822421,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247827539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247827539,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/+sAAO0G948i4fCtwKgCEQG73r1n96jsbdjJFYAQAG5B6wAAAQEICmQVVwcoVVJf"}
01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247830388,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051247716407,"flow_dst_last_pkt_time":1569051247830426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247830426,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247830427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051247830427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qogAAO4GS\/Mi4fCtwKgCEQG73rwJHv2AxsFviYAQAG5M0wAAAQEICmQVVwgoVVJf"}
01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051247832906,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051247716836,"flow_dst_last_pkt_time":1569051247832918,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051247832918,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569051248547165,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051248547165,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1569051253252519,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051253252519,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255515841,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051255515841,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1569051255515841,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1569051255515841,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="}
00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255515841,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051255515841,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1569051255515860,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1569051255515860,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="}
01048{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255515860,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051255515860,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1569051255515909,"flow_dst_last_pkt_time":1569051255515841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051255515909,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1569051255515909,"flow_dst_last_pkt_time":1569051255539572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051255539572,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qAMAADEGen8R+JKQwKgCEQG73qSsUOk6vJjB0YAQBCu0hAAAAQEICt4q7JEoVW9k"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569051255515909,"flow_dst_last_pkt_time":1569051255539575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051255539575,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qAQAADEGen4R+JKQwKgCEQG73qSsUOk6vJjB8IAQBCu0ZAAAAQEICt4q7JEoVW9l"}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051257169058,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1569051257169058,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="}
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257169058,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051257169058,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257169058,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051257169426,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257192060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1569051257192060,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257192085,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051257192085,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0888AADUG5LICEuh2wKgCEQG73rlYxnK8KsuET4ARAQLO+gAAAQEICq9gUAcoVXau"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1569051257169426,"flow_dst_last_pkt_time":1569051257192407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051257192407,"pkt":"xGGLNYKpxiwDYGpkCABFAAA089AAADUG5LECEuh2wKgCEQG73rlYxnK9KsuEUIAQAQLO+AAAAQEICq9gUAgoVXau"}
00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1569051261595218,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051261595218,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTIAAP8RkXMAAAAA\/\/\/\/\/wBEAEMBNJwwAQEGACG6jqoAEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264073974,"flow_dst_last_pkt_time":1569051264073974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264073974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264073974,"flow_dst_last_pkt_time":1569051264073974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264073974,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKMBLAbsF0WXIAAAAALAC\/\/9prAAAAgQFtAEDAwYBAQgKKFWN0AAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264078385,"flow_dst_last_pkt_time":1569051264078385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264078385,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264078385,"flow_dst_last_pkt_time":1569051264078385,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264078385,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264088425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264088425,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264088425,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1569051264088425,"pkt":"xiwDYGpkxGGLNYKpCABFAABTylIAAP8Ra+TAqAIRwKgCAdvHADUAPyTGAMEBAAABAAAAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAQ=="}
01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264088425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264088425,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264090815,"flow_dst_last_pkt_time":1569051264090815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264090815,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264090815,"flow_dst_last_pkt_time":1569051264090815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264090815,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264091926,"flow_dst_last_pkt_time":1569051264091926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264091926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264091926,"flow_dst_last_pkt_time":1569051264091926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264091926,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7AAbuO10RdAAAAALAC\/\/\/fDwAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264093006,"flow_dst_last_pkt_time":1569051264093006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264093006,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264093006,"flow_dst_last_pkt_time":1569051264093006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264093006,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264078385,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264113301,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_usec":1569051264113960,"pkt":"xGGLNYKpxiwDYGpkCABFAACz4rsAAEAREhzAqAIBwKgCEQA128cAn9JUAMGBgAABAAYAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAcAMAAEAAQAAAB0ABDavL27ADAABAAEAAAAdAAQi4fCtwAwAAQABAAAAHQAEaxdHWcAMAAEAAQAAAB0ABCOpAyjADAABAAEAAAAdAAQ0zyk7wAwAAQABAAAAHQAENMjD8Q=="}
01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1569051264113960,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["54.175.47.110,ttl=29","34.225.240.173,ttl=29","107.23.71.89,ttl=29","35.169.3.40,ttl=29"]}}}
00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264115004,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569051264115004,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4YPoAAEABlGjAqAIRwKgCAQMDIGEAAAAARQAAs+K7AABAERIcwKgCAcCoAhEANdvHAJ8AAA=="}
00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264115004,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":3.664498}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264116081,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264116081,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"}
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264116204,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN6+AbvH3a+K4DuqGYAYBAtznQAAAQEICihVknKWTmoXFgMBAgABAAH8AwPawK\/+wN1+Tx0CNiEAg+cUW3czvaCh\/qY5WXGzJz9xKSBQ\/3brog7H4kKz+Cr0Y+KAPc0Wuh7pzTw9CcTlpz8EzgA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgQjLeK9mUdDm2SPbON0\/yv\/211C08osOnnwisGWfkQjYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264113301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264116204,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264150664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264150664,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0riEAADQG5qAXORgQwKgCEQG73r7gO6oZx92xj4AQAOvkPwAAAQEICpZOaj0oVZJy"}
01267{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264116204,"flow_dst_last_pkt_time":1569051264151436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264151436,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com","domainame":"itunes.apple.com","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264073974,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264185629,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG7wEvNn9QhBdFlyaASaN\/LpgAAAgQFrAQCCApkFUBJKFWN0AEDAwg="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264186713,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264186713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAQCBZawQAAAQEICihVjkRkFUBJ"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264090815,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264198395,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73r+o1iHY6c+USqASaN9tOAAAAgQFrAQCCApkFUBMKFWSWgEDAwg="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264091926,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203333,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264093006,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264203483,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_usec":1569051264229464,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGUHXAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAYCBbVbwAAAQEICihVjm1kFUBJFgMBAMABAAC8AwNdhdKAFZvPd8KN3PrIuLJ+p3RN76tFaWi69JIAQQd9fgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264185629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264229464,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259275,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259275,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"}
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259325,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN6\/Abvpz5RKqNYh2YAYBAufSQAAAQEICihVkvtkFUBMFgMBAgABAAH8AwN+5Ttf6YokHynLX4ecaPrHKATOoW12Tu+wzd9uDQspWSA1hUwuwgYjwI2sT5j3KinfN4lvjC3KseF9UMaW83tPxQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgepTejFE5doby0DivzOsCuvXU1Qv8gn4J5BRpbhy8vDQALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264198395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259325,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259363,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259363,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259470,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7AAbuO10ReRcpLjoAYBAsKeAAAAQEICihVkvxkFUBNFgMBAgABAAH8AwNYXsKfONHmzDFwOYBHmMHWccv+TKZTGPJmOKuaWv\/yOCDtD78sld\/x8V+rzxyBuU3uWmdAA4D7yp8sPLtMpD+m1QAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg1yEhEumbjcw84EpI\/aJKwlqb4nNO3GXKiR9CVTP9slYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264203333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259470,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264259507,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264259507,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"}
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264259677,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7BAbuYIIuNFdnORoAYBAvQ5wAAAQEICihVkvxkFUBNFgMBAgABAAH8AwMBrKJ6lAeYyvz4VxhLDcDvBph9JELZn65LIOXEqYKG0yBO77oSw5+zVdfbslJwrAju9uKTARXrNL8JS7VTuLS\/cAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgH0+fBZOWslk8wxPYbGM9RiS44cUzBW0Uf6uB5Vg5FGAALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264203483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264259677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264310199,"flow_dst_last_pkt_time":1569051264310869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":862,"flow_dst_tot_l4_payload_len":11255,"midstream":0,"thread_ts_usec":1569051264310869,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14977.4,"max":100663,"stddev":25001.2,"var":625062336.0,"ent":3.3,"data": [34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7]},"pktlen": {"min":52,"avg":431.7,"max":1492,"stddev":520.4,"var":270842.4,"ent":4.1,"data": [64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413]},"bins": {"c_to_s": [9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1],"entropies": [4.496222496,5.227644920,5.115703106,4.414837837,5.154164791,7.853477478,7.870889187,7.817573071,7.876551151,5.115703106,5.062724590,7.664700031,5.077241421,7.657122135,4.978374004,6.355051041,5.966256618,5.935075283,5.821801186,6.831858158,7.289732933,7.287264824,5.154164791,5.115703106,5.154164791,6.311809540,5.115703106,5.115703106,7.817995071,7.817259789,7.852911472,7.453959465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming"}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264341086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264341086,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0lEcAAO4GTvIjqQMowKgCEQG7wEvNn9QiBdFmjoAQAG5hVAAAAQEICmQVQHAoVY5t"}
01375{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264342899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264342899,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01764{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051264229464,"flow_dst_last_pkt_time":1569051264343005,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":2469,"midstream":0,"thread_ts_usec":1569051264343005,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d220700_0d4ca5d4ec72_3304d8368043","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264367627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264367627,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Ya4AAO4GgYsjqQMowKgCEQG73r+o1iHZ6c+WT4AQAG4BngAAAQEICmQVQHcoVZL7"}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264369936,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264259325,"flow_dst_last_pkt_time":1569051264369938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264369938,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264371125,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371125,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0jjEAAO4GVQgjqQMowKgCEQG73sEV2c5GmCCNkoAQAG5ClwAAAQEICmQVQHcoVZL8"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264371989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264371989,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0C\/kAAO4G10AjqQMowKgCEQG73sBFykuOjtdGY4AQAG7l1wAAAQEICmQVQHcoVZL8"}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373131,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264259677,"flow_dst_last_pkt_time":1569051264373258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264373258,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264373882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264373882,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264259470,"flow_dst_last_pkt_time":1569051264374011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264374011,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264666082,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264666082,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051264666082,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1569051264666082,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051264775024,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1569051264776703,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264776703,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"}
01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051264776825,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7CAbvJrSrw+WYneYAYBAsKOgAAAQEICihVlPVkFUDdFgMBAgABAAH8AwPqnmHY+ky08QaEFpsYq0FGVLaxG+964Hq2icanaO7xlCBmz3takGKujlgk83\/DuHgM2oWMrAxFhkG7HMIkIEBMvgAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg5cIrTlOOMEP5oixl5QwpN10lLFAYbdhRGOo98Zyw2T4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264775024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051264776825,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264885425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051264885425,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Z4EAAO4Ge7gjqQMowKgCEQG73sL5Zid5ya0s9YAQAG4ybAAAAQEICmQVQPgoVZT1"}
01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051264887563,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01728{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051264776825,"flow_dst_last_pkt_time":1569051264887591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2478,"midstream":0,"thread_ts_usec":1569051264887591,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org","domainame":"textsecure-service.whispersystems.org","tls": {"version":"TLSv1.2","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B","blocks":0}}}
02173{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265118031,"flow_dst_last_pkt_time":1569051265227415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":2636,"midstream":0,"thread_ts_usec":1569051265227415,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32686.5,"max":114919,"stddev":49905.0,"var":2490513152.0,"ent":3.3,"data": [108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485]},"pktlen": {"min":52,"avg":519.2,"max":1492,"stddev":606.2,"var":367455.8,"ent":4.1,"data": [64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52]},"bins": {"c_to_s": [4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1],"entropies": [4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1569051266396342,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"}
00913{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396342,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396342,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1569051266396673,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051266396673,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"}
01045{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266396673,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266396673,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266396342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1569051266743731,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266980874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051266980874,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN64AbssHTvB4YgvVYAQA\/9Y6QAAAQEICihVnPyWTnMC"}
00920{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266980874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051266980874,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1569051266743731,"flow_dst_last_pkt_time":1569051266980893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051266980893,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN64AbssHTvB4YgvVoAQA\/9Y6AAAAQEICihVnPyWTnMC"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267121677,"flow_dst_last_pkt_time":1569051267121677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267121677,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1569051267121677,"flow_dst_last_pkt_time":1569051267121677,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569051267121677,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1569051267121677,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1569051267154562,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1569051267161440,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267161440,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1569051267161538,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGa7jAqAIRDSP9Kt7DAbsjR8rtv8CPNIAYBAvKhwAAAQEICihVnj6vNN\/RFgMBAgABAAH8AwOed0BRRXhHmhS2o0Rd7s+quzaOqPDOekK9aAMPsTMIOSC1IZE3ylyuwin+a6TID60OpC6k\/IyX7sen4PPIFu25JAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAABMAEQAADmNkbi5zaWduYWwub3JnABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIKiOhVxjy4KSaZXVIZPgxwuPZSXAvfjlA0iNSRIg7yBrAC0AAgEBACsABQQDBAMDAAoACgAIAB0AFwAYABkAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01211{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267154562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267161538,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267194585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569051267194585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0UOEAAPEGq9sNI\/0qwKgCEQG73sO\/wI80I0fM8oAQAHYz9AAAAQEICq8039UoVZ4+"}
01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1569051267197332,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01618{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267161538,"flow_dst_last_pkt_time":1569051267197345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2383,"midstream":0,"thread_ts_usec":1569051267197345,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org","domainame":"cdn.signal.org","tls": {"version":"TLSv1.2","server_names":"cdn.signal.org","ja3s":"c4b2785a87896e19d37eee932070cb22","ja4":"t13d1713h2_0633f72d41ca_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12","blocks":0}}}
02158{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267296344,"flow_dst_last_pkt_time":1569051267317465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":11716,"flow_dst_tot_l4_payload_len":2541,"midstream":0,"thread_ts_usec":1569051267317465,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":11950.2,"max":43365,"stddev":16041.8,"var":257340416.0,"ent":3.7,"data": [32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119]},"pktlen": {"min":52,"avg":498.2,"max":1492,"stddev":608.0,"var":369644.2,"ent":4.0,"data": [64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52]},"bins": {"c_to_s": [5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0],"s_to_c": [7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1],"entropies": [4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051261595218,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac"}}
01077{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1569051255515841,"flow_src_last_pkt_time":1569051255541412,"flow_dst_last_pkt_time":1569051255539776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1569051264073974,"flow_src_last_pkt_time":1569051267100183,"flow_dst_last_pkt_time":1569051267098946,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":938,"flow_dst_tot_l4_payload_len":3555,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00952{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1569051257169058,"flow_src_last_pkt_time":1569051257194834,"flow_dst_last_pkt_time":1569051257192407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":23,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01009{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":95,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267569935,"flow_dst_last_pkt_time":1569051267601717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":195730,"flow_dst_tot_l4_payload_len":3003,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"cdn.signal.org"}}
01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"textsecure-service.whispersystems.org"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264090815,"flow_src_last_pkt_time":1569051264669892,"flow_dst_last_pkt_time":1569051264664676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264091926,"flow_src_last_pkt_time":1569051264679871,"flow_dst_last_pkt_time":1569051264678301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1569051264093006,"flow_src_last_pkt_time":1569051264674713,"flow_dst_last_pkt_time":1569051264673423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1569051264666082,"flow_src_last_pkt_time":1569051265237202,"flow_dst_last_pkt_time":1569051265235427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":12293,"flow_dst_tot_l4_payload_len":5429,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"textsecure-service.whispersystems.org"}}
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e673.dsce9.akamaiedge.net"}}
00948{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569051266396342,"flow_src_last_pkt_time":1569051267048829,"flow_dst_last_pkt_time":1569051267005795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":63,"midstream":1,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":20,"flow_first_seen":1569051247599529,"flow_src_last_pkt_time":1569051247843054,"flow_dst_last_pkt_time":1569051247841181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":10672,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}}
01013{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1569051264078385,"flow_src_last_pkt_time":1569051264482482,"flow_dst_last_pkt_time":1569051264481174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":11279,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AppleiTunes","proto_id":"91.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"itunes.apple.com"}}
01108{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1569051247594090,"flow_src_last_pkt_time":1569051257495298,"flow_dst_last_pkt_time":1569051257493175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":818,"flow_dst_tot_l4_payload_len":2835,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051264115004,"flow_src_last_pkt_time":1569051264115004,"flow_dst_last_pkt_time":1569051264115004,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247600467,"flow_src_last_pkt_time":1569051261087134,"flow_dst_last_pkt_time":1569051248058195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":2793,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":11,"flow_first_seen":1569051247601573,"flow_src_last_pkt_time":1569051261087155,"flow_dst_last_pkt_time":1569051248073795,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":2828,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":10,"flow_first_seen":1569051247603797,"flow_src_last_pkt_time":1569051261087166,"flow_dst_last_pkt_time":1569051248067523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":3041,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}}
00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":637,"packets-processed":637,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":27,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":175,"global_ts_usec":1569051267601717}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 637/637
~~ skipped flows.............: 0
~~ total layer4 data length..: 273842 bytes
~~ total detected protocols..: 19
~~ total active/idle flows...: 19/19
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8808523 bytes
~~ total memory freed........: 8808523 bytes
~~ total allocations/frees...: 145720/145720
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 545 chars
~~ json message max len.......: 2178 chars
~~ json message avg len.......: 1360 chars
|