1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
|
00629{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00850{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1626168074745096}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"}
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1626168074926313,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB\/6QAAAQEICj3R7oXM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074928929,"pkt":"8BiYFWV8WNVuaKQACABFAAAohXJAAGYGg2s0lRU8wKgBeQG7zgq3lUsrK5STgFAQCAUKQgAA"}
01095{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1626168075218986,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"thread_ts_usec":1626168075218986,"pkt":"6qnehSPO8BiYFWV8CABFAAG+AABAAEAGtOXAqAF5wKgBi83x2EdC5Xfzale+TIAYCAB+xwAAAQEICj3R76fM25T9CAABhld\/rqUKPhy+Qdwsnn\/388U2j8HvqfZt7NKn2y6gWIcL98SaPzBZIwnSs72oLTvvlguqUQlKWlLufOGjngWKIhcWUeQoSkpLjQvNSSv7gYi1QDJcZ1YgY8f+7jRqbAl+a\/BPH77qdzC4CNO+ZTGhDrsBC1e4j+Om2CDF7lIs20rukyDxPakgZrQyR46qumvSZQK+8Ppus7xBRLVTFZ\/FLMsl9PGCAEbWgCbmE+w3QXxCCveq9PGBZhO0SuogOJTbCwQu9OkRw87OZldYZJp97qFOjNzQCbVznEIqCLtpav3x8Ag0jVTZabHaayJ+x1z+e8rrZGIX7\/xkSnTBSKyCqMjx2NYF\/5qZhXz4yht89P+8mINNVQ551w864eTaFTcnaSMT0rXqSgtRPoy81ZDM+FmYMt0yLvMJCWWLMV4kGp8LOoIV+I4ULnhXqgmK8DvlRJvF4FU+NKoY88FXQH9DXPUqmsZnrKy4vytUEpb2L3gzXD\/pZCo9RlP7UlcWSVAiGiSkdeXqHQ=="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1626168075218986,"flow_dst_last_pkt_time":1626168075586934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168075586934,"pkt":"8BiYFWV86qnehSPOCABFAAA0AABAAEAGtm\/AqAGLwKgBedhHzfFqV75MQuV5fYAQD\/PHGQAAAQEICszblug90e6F"}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1626168075218986,"flow_dst_last_pkt_time":1626168075586940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168075586940,"pkt":"8BiYFWV86qnehSPOCABFAABAAABAAEAGtmPAqAGLwKgBedhHzfFqV75MQuV5fbAQD\/MYpQAAAQEICszblug90e+nAQEFCkLld\/NC5Xl9"}
02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1626168075218986,"flow_dst_last_pkt_time":1626168075654777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1626168075654777,"pkt":"8BiYFWV86qnehSPOCABFAAXcAABAAEAGsMfAqAGLwKgBedhHzfFqV75MQuV5fYAQEAA\/LwAAAQEICszbl6I90e+nCAAMK86QfDKwdx3jUejPj7qRT9AoB7skOEmdttykMBDn2eBudNswfW9a84jtv\/bpr0M7pyCnpzhNjw6qufA\/VqBV8ffV\/iNMNL42r5vN6Lo9T2Jizujo7AQWz6KjMnOP9Y2dEsV\/Z+WO8PRCdloaIQnZWW6Kr\/rxIg85ujC6ZH52UI2c+VNrkzpIDibZaEN1LkKZIA\/DaQ\/38MGPYBaCk3J7jSIElgWAt8Bjp+6pufpiZSmn6qDZd0poq7QeSRwdrMJ8bTUGzkBWlf0Rj1zKS0aiSg4HCyTpz\/9ResVEhHDWWT+YP8aiLvwwzUrWU1DQmHcKBrNtQb15wZFp7N0z20jft3l4k9PTz0O+xugl8b310UhDitMSUgYVcjsYcKAcM6cCdHhhlScVlvWwjbJY5kaRh2OpU0qoLDdDHTKl58K20QJIzECsjb9rL+oRt\/jpqvRZhRSgxb9F9ug4UcFoc0BrIwHFHW6L5g5k+AfdFUUVuQ6op4p\/5+qrNf04Id78Kh5LV5nqZG5wvP3jvbJPc\/B7X2mNJq9aioOle1F\/It6r8FZbSIafvcvcFRyj93zir4BQA8ZOoRL2fDOnA3bmDctAwNBE5\/DmFZf+PQEIAQTCBsCt2EmRKwZD1Ddks3i0rlMFQg7semsaS+ttg9HSkY8u0s+LvTHxiNd9QObuFLvfD0N03XK1rbY0Re0s4O1t6uwaTzcXOxRNOcTr2BMzwMxqtGuj8bbdavAn+yrE2ZVeAfreeh3307DykIeqfD+N3aAV5vWZpP\/vZYRMw1pfJqbK4BFuDb9tUmB+FtgafoAPI5X+UhXsXhbpcw33w4MehEiI2P0sbyV8NcW7j119M0UaJ\/rdBxsd0By+qCOECMyfb6kT8MQ7samPNssh1EzwuH9WljxWO7WDuSmWHhTEl3AOwHaeyTXvvCg5GyRrpLbRb0fU5Uf7VoI\/fhqg0Qmh8R6ocjNjsKkpbMIP9b8g4hBNx7sUgD3I31mbsFXwk37meJOFX5UyS3tLo4Y4mSCRSbo1f+y8QBJK7Hb89+jgi6hbmNIKq80vfllSmBYoKGDEbBfpHN3OoU1nvA9mLDPaErZwXvCS6UMBu\/Jxur7wM6Dk5S5KzyUBeCayfCvKXWcm6t6lebRrrkmWwGyiKfv0361OW7g+QNgG85U7r60coUQAhmhbXYDa0Ne5hiDnnfqtIJ\/+0DtD4u21iFupIvfW56mnXB7hTyajylBIEkSC+hmeSWgzLLy+tPTEju6sQOw+2yZfRfemSAUkC4Wei8wbu1Di+bqx4BRu10WFlpqUyOAOqhN3nGSN0XcFBCdfHLufDu4gzy7CGRkB0NIQBImBOWrYabPB+03XcZtDt4h2j5a5nI9SmrdNVfQgGXnS5qZRQWcItE4nbK2Yi6Xuak6zJzix0ah4I42R4\/nIxAbdWN\/K\/BJyN\/W2BNa0gkXT8WdiZRbNSkrB8AeQ0oYBJWCmPmgUpbJ9WQ1kZjRQtUacVYbaQYsQORfKpxvqAfO8sA2KQ68TJHWvJLaXfPk+1IWRaHyOhK2FCY52TCuVRHd9LwHfUmKSgITpfeJZfzauJAKp1STT\/kTQJ9CoBTyCcrLDbOXgpnKCtuSKITrmTaFYtBiQ9395\/hMI7llyyqGu6cDaDg9rlWyLwWhwhnaiXC9tipZLd0DR9gj9nmApj2Q6U9p7UNCQiU6cBnKltcrlSn7D1mtlILT0TjOGEuKe9e0e+H5MwFaGAvQurGkVEMVXlLxguxIO4SUco7LZKviPvgcDZdaIoItTgpelqdSm5pMW3Qt8UVh\/JtLLJLJhGKZBIKJp\/XOwQxQS5E6ftS4s0EFpigkwfmM+rFwCE2IYsEod996b\/7LO3fzXc1VoTtD63F6KiXraxzgRLg1kv3qVkJUwwssHSibRjZ87otaG\/HX7PoRSJHU9xOg="}
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075664939,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075664939,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1626168075664939,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168075664939,"pkt":"WNVuaKQA8BiYFWV8CABFAABI5dsAAEARwpjAqAF5CAgICMwbADUANLpX5f8BAAABAAAAAAAAAzEyMQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075664939,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075664939,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"121.1.168.192.in-addr.arpa","domainame":"121.1.168.192.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1626168075665060,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1626168075665060,"pkt":"WNVuaKQA8BiYFWV8CABFAABHYLwAAEARR7nAqAF5CAgICMwbADUAM5mdqksBAAABAAAAAAAAAjYwAjIxAzE0OQI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="}
01247{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075665060,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":87,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075665060,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa","domainame":"60.21.149.52.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168075665140,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJLIAAEARg8LAqAF5CAgICMwbADUANFbmSGkBAAABAAAAAAAAAzEzOQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075664939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075665140,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"139.1.168.192.in-addr.arpa","domainame":"139.1.168.192.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075675917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168075675917,"pkt":"8BiYFWV8WNVuaKQACABFAABI\/DUAAHkRcz4ICAgIwKgBeQA1zBsANNZiSGmBgwABAAAAAAAAAzEzOQExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075675917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1626168075675917,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"139.1.168.192.in-addr.arpa","domainame":"139.1.168.192.in-addr.arpa","dns": {"num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075681009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1626168075681009,"pkt":"8BiYFWV8WNVuaKQACABFAACRrTMAAHkRwfcICAgIwKgBeQA1zBsAfYPZqkuBgwABAAAAAQAAAjYwAjIxAzE0OQI1Mgdpbi1hZGRyBGFycGEAAAwAAcAPAAYAAQAAAB8APgduczEtMjAxCWF6dXJlLWRucwNjb20ABm1zbmhzdAltaWNyb3NvZnTASQAAAAEAAAOEAAABLAAJOoAAAAA8"}
01240{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168075665140,"flow_dst_last_pkt_time":1626168075681009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":131,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168075681009,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa","domainame":"60.21.149.52.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993609,"flow_src_last_pkt_time":1626168075993609,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075993609,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1626168075993609,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1626168075993609,"pkt":"AQBeAAD76qnehSPOCABFAAB0G+EAAP8R\/GjAqAGL4AAA+xTpFOkAYH4FAAAAAAACAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEAACkFoAAAEZQAEgAEAA4Aumq\/a01YO+qp3oUjzg=="}
01032{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993609,"flow_src_last_pkt_time":1626168075993609,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075993609,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local","domainame":"_companion-link._tcp.local","mdns": {}}}
00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993721,"flow_src_last_pkt_time":1626168075993721,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075993721,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1626168075993721,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"thread_ts_usec":1626168075993721,"pkt":"MzMAAAD76qnehSPOht1gCggAAGAR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QBgoIcAAAAAAAIAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993721,"flow_src_last_pkt_time":1626168075993721,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168075993721,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local","domainame":"_companion-link._tcp.local","mdns": {}}}
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076015959,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1626168076015959,"pkt":"6qnehSPO8BiYFWV8CABFAAFxqZwAAP8RjIrAqAF5wKgBixTpFOkBXfEmAACEAAAAAAEAAAAFD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUAAgFTUJQcm\/ADMAyACGAAQAAAHgADgAAAADN8QVNQlByb8AhwDIAEIABAAARlAB3EXJwSE49ZWYzZjBmMDE0OThlDHJwRmw9MHgyMDAwMApycFZyPTIxMC40EXJwSEE9NjM4Y2VmMTVmYTJiEXJwQUQ9YzJlYTRjNWFjZmVlEXJwSEk9MmRiM2M5NTVjZDgyFnJwQkE9NTM6REQ6Qjk6MDY6QjU6MDAFTUJQcm8MX2RldmljZS1pbmZvwBwAEAABAAARlAAzFG1vZGVsPU1hY0Jvb2tQcm8xNCwxCm9zeHZlcnM9MjASZWNvbG9yPTIyNSwyMjUsMjIzwEwAHIABAAAAeAAQ\/oAAAAAAAAAIKbjnNzdtvsBMAAGAAQAAAHgABMCoAXk="}
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076015959,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local","domainame":"_companion-link._tcp.local","mdns": {}}}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607950,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076607950,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":5}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_usec":1626168076607950,"pkt":"AQBeAAAC6qnehSPOCABGAAAgeZkAAAECCQnAqAGL4AAAApQEAAAXAAgE4AAA+w=="}
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607950,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076607950,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076607953,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":5}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_usec":1626168076607953,"pkt":"AQBeAAD76qnehSPOCABGAAAgaRwAAAECGI3AqAGL4AAA+5QEAAAWAAkE4AAA+w=="}
00902{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168076607953,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077017501,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1626168077017501,"pkt":"AQBeAAD76qnehSPOCABFAACI8IoAAP8RJ6vAqAGL4AAA+xTpFOkAdC8RAAAAAAACAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAHADAAMAAEAABGUAAgFTUJQcm\/ADAAAKQWgAAARlAASAAQADgC6ar9rTVg76qnehSPO"}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077017862,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":170,"pkt_l4_len":116,"thread_ts_usec":1626168077017862,"pkt":"MzMAAAD76qnehSPOht1gCggAAHQR\/\/6AAAAAAAAAEFmoWPnnz5T\/AgAAAAAAAAAAAAAAAAD7FOkU6QB0UZMAAAAAAAIAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAcAMAAwAAQAAEZQACAVNQlByb8AMAAApBaAAABGUABIABAAOALpqv2tNWDvqqd6FI84="}
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077413785,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077413785,"pkt":"WNVuaKQA8BiYFWV8CABFAABAe7EAAEARLMvAqAF5CAgICNkPADUALCfrXeUBAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQAB"}
01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077413785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077413785,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077415370,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077415370,"pkt":"WNVuaKQA8BiYFWV8CABFAABA7DEAAEARvErAqAF5CAgICNJ8ADUALMmVww0BAAABAAAAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQAB"}
01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077415370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077415370,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1626168077439746,"pkt":"8BiYFWV8WNVuaKQACABFAAC9hRIAAHgR6uwICAgIwKgBeQA10nwAqSezww2BgAABAAMAAAAABHdkY3AJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAANmgAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAARUANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTItZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8BbAAEAAQAAAAQABChxCi8="}
01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168077439746,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["40.113.10.47,ttl=4"]}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077441399,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"thread_ts_usec":1626168077441399,"pkt":"WNVuaKQA8BiYFWV8CABFAABlf9gAAEARKH\/AqAF5CAgICP\/UADUAUcNfVk0BAAABAAAAAAAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAQ=="}
01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077441399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077441399,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077469097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077469097,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077469097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077469097,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KWAbtjvPcwAAAAALAC\/\/\/cwgAAAgQFtAEDAwYBAQgKPdH4ZwAAAAAEAgAA"}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1626168077486637,"pkt":"8BiYFWV8WNVuaKQACABFAADs3EYAAHkRkokICAgIwKgBeQA12Q8A2KuGXeWBgAABAAIAAQAABHdkY3AJbWljcm9zb2Z0A2NvbQAAQQABwAwABQABAAAN4AAfCndkLXByb2QtY3AOdHJhZmZpY21hbmFnZXIDbmV0AMAwAAUAAQAAAG0ANhh3ZC1wcm9kLWNwLWV1LW5vcnRoLTEtZmULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAG8B0AAYAAQAAADsAMwRwcmQxDmF6dXJlZG5zLWNsb3VkwEoGbXNuaHN0wBEAACcRAAADhAAAASwACTqAAAAAPA=="}
01112{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168077486637,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}}
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077506382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077506382,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077506382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077506382,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KXAbtENsV0AAAAALAC\/\/8t3wAAAgQFtAEDAwYBAQgKPdH4jAAAAAAEAgAA"}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1626168077507825,"pkt":"8BiYFWV8WNVuaKQACABFAACx7P0AAHkRgg0ICAgIwKgBeQA1\/9QAnZiFVk2BgAABAAAAAQAAGHdkLXByb2QtY3AtZXUtbm9ydGgtMi1mZQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AAEEAAcAlAAYAAQAAADsAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMBAAAAnEQAAA4QAAAEsAAk6gAAAADw="}
01187{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168077507825,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","domainame":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077469097,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077517315,"pkt":"8BiYFWV8WNVuaKQACABFAAA0QHFAAG0G2JEocQovwKgBeQG70pbavX69Y7z3MYAS\/\/\/xlwAAAgQFoAEDAwgBAQQC"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077517411,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077517411,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KWAbtjvPcx2r1+vlAQEAAiVwAA"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077517977,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KWAbtjvPcx2r1+vlAYEAD30wAAFgMBAgABAAH8AwNkegAS3SJdh+Ps6UKG9MyXAf0SRqbWmWVBhQp\/VOVADSDgVOCn66tcEgqkfLL0mp6O7VxhxdDeiMyDL+q388p15AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfVpaAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqqqgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmqqgABAAAdACAJu3qSxuQsxDbpNVWddZpTF2zJ6kWp8q3j+IxIhWZeHwAtAAIBAQArAAsKGhoDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077517315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077517977,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077506382,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077557557,"pkt":"8BiYFWV8WNVuaKQACABFAAA0ihJAAG0GjvAocQovwKgBeQG70pd9bt1TRDbFdYAS\/\/9BkgAAAgQFoAEDAwgBAQQC"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077557625,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077557625,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KXAbtENsV1fW7dVFAQEAByUQAA"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168077557905,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KXAbtENsV1fW7dVFAYEAAkCwAAFgMBAgABAAH8AwNPLclcNOiYyKfkFUFX9CBTeYItyA+K1YMdY+Waaxu8GiAZcvK6JMhkcMeFF\/bogwVRv4DlHl2J+vNEetT4N0HCDAA2amoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqKigAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmKigABAAAdACDwwbzb63uhezmRq24dKuSGOD4717wf5fUd\/9x8ZXG6RQAtAAIBAQArAAsKWloDBAMDAwIDAbq6AAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077557557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077557905,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077565896,"pkt":"8BiYFWV8WNVuaKQACABFAAXQQHJAAG0G0vQocQovwKgBeQG70pbavX6+Y7z5NlAQCANxtAAAFgMDDxACAABaAwNg7VsNiz+wizixR9j60nU5wQVw\/OZ309c5RX1hR6XMSyDtDwAAQdTTz2ltKh+JWyvmjp8TN3AFuIHXs68A2pPeOsAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077517977,"flow_dst_last_pkt_time":1626168077565902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077565902,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1626168077590364,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/efAAAEARLo3AqAF5CAgICMikADUAK6rjycUBAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAABBAAE="}
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077590364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590364,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590442,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1626168077590442,"pkt":"WNVuaKQA8BiYFWV8CABFAAA\/el4AAEARLh\/AqAF5CAgICOMxADUAK47tCy8BAAABAAAAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAE="}
01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077590442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077590442,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00862{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1626168077604344,"pkt":"8BiYFWV8WNVuaKQACABFAAETO6UAAHgRNAQICAgIwKgBeQA1yKQA\/zFnycWBgAABAAMAAQAAA3d3dwltaWNyb3NvZnQDY29tAABBAAHADAAFAAEAAAelACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAHAANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAAZABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKgABgABAAAAMgAxBm4wZHNjYsCtCmhvc3RtYXN0ZXIGYWthbWFpwBpg7VdYAAAD6AAAA+gAAAPoAAAHCA=="}
01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168077604344,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":65,"rsp_type":5,"rsp_addr": []}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604858,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168077604858,"pkt":"WNVuaKQA8BiYFWV8CABFAABIwDAAAEAR6EPAqAF5CAgICNkaADUANI8rXZMBAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAE="}
01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077604858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604858,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604997,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168077604997,"pkt":"WNVuaKQA8BiYFWV8CABFAABIJH8AAEARg\/XAqAF5CAgICNUhADUANLCIQG8BAAABAAAAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAE="}
01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077604997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077604997,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168077607577,"pkt":"8BiYFWV8WNVuaKQACABFAAXQihNAAG0GiVMocQovwKgBeQG70pd9bt1URDbHelAQCAMVNQAAFgMDDxACAABaAwNg7VsNrUHv7aK8m51exLCgb9UXgehWdrwaasjq\/kZHuSBKRQAAJAFMO\/\/9EucIis19X6Ej2yC9TNEzZ7sX6gMxycAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01906{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077557905,"flow_dst_last_pkt_time":1626168077607612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168077607612,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1626168077619979,"pkt":"8BiYFWV8WNVuaKQACABFAACITIkAAHkRIqsICAgIwKgBeQA12RoAdB3yXZOBgAABAAAAAQAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AABBAAHAEwAGAAEAAAKpADQGbjBkc2NiwBgKaG9zdG1hc3RlcgZha2FtYWkDY29tAGDtWc8AAAPoAAAD6AAAA+gAAAcI"}
01129{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168077619979,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":65,"rsp_type":0,"rsp_addr": []}}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077620854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077620854,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077620854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077620854,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KYAFDHEa2yAAAAALAC\/\/\/SXgAAAgQFtAEDAwYBAQgKPdH4\/AAAAAAEAgAA"}
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_usec":1626168077622136,"pkt":"8BiYFWV8WNVuaKQACABFAADmBoMAAHgRaVMICAgIwKgBeQA14zEA0sNDCy+BgAABAAQAAAAAA3d3dwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAosACMDd3d3CW1pY3Jvc29mdAdjb20tYy0zB2VkZ2VrZXkDbmV0AMAvAAUAAQAAAyUANwN3d3cJbWljcm9zb2Z0B2NvbS1jLTMHZWRnZWtleQNuZXQLZ2xvYmFscmVkaXIGYWthZG5zwE3AXgAFAAEAAAMDABkGZTEzNjc4BGRzY2IKYWthbWFpZWRnZcBNwKEAAQABAAAAEwAEAhYh6w=="}
01130{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168077622136,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com","domainame":"www.microsoft.com","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077620854,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077632344,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pgVbXIGxxGts6AS\/oilegAAAgQFtAQCCAqgBBfWPdH4\/AEDAwc="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077632420,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077632420,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KYAFDHEa2zFW1yB4AQCArKugAAAQEICj3R+QegBBfW"}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"thread_ts_usec":1626168077632855,"pkt":"WNVuaKQA8BiYFWV8CABFAAEHAABAAEAGU8\/AqAF5AhYh69KYAFDHEa2zFW1yB4AYCAp9hQAAAQEICj3R+QegBBfWR0VUIC9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNydCBIVFRQLzEuMQ0KSG9zdDogd3d3Lm1pY3Jvc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGl0LWl0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IGNvbS5hcHBsZS50cnVzdGQvMi4wDQoNCg=="}
01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077632344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077632855,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1626168077633946,"pkt":"8BiYFWV8WNVuaKQACABFAABYGXsAAHgRVukICAgIwKgBeQA11SEAREvAQG+BgAABAAEAAAAABmUxMzY3OARkc2NiCmFrYW1haWVkZ2UDbmV0AAABAAHADAABAAEAAAATAAQCFiHr"}
01146{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168077633946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net","domainame":"e13678.dscb.akamaiedge.net","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["2.22.33.235,ttl=19"]}}}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077643688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077643688,"pkt":"8BiYFWV8WNVuaKQACABFAAA0bRxAADkG7oUCFiHrwKgBeQBQ0pgVbXIHxxGuhoAQAfzP6QAAAQEICqAEF+I90fkH"}
01456{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077632855,"flow_dst_last_pkt_time":1626168077654666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077654666,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pki\/certs\/MicRooCerAut2011_2011_03_22.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077660456,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077660456,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168077660456,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGVJbAqAF5AhYh69KZAFBWi1SkAAAAALAC\/\/+bzgAAAgQFtAEDAwYBAQgKPdH5IAAAAAAEAgAA"}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077660456,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626168077670653,"pkt":"8BiYFWV8WNVuaKQACABFAAA8AABAADkGW5oCFiHrwKgBeQBQ0pnFRlw1VotUpaAS\/ohpIwAAAgQFtAQCCAqAXqM6PdH5IAEDAwc="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077670728,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077670728,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGVKLAqAF5AhYh69KZAFBWi1SlxUZcNoAQCAqOZAAAAQEICj3R+SqAXqM6"}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"thread_ts_usec":1626168077671150,"pkt":"WNVuaKQA8BiYFWV8CABFAAEJAABAAEAGU83AqAF5AhYh69KZAFBWi1SlxUZcNoAYCAqtegAAAQEICj3R+SqAXqM6R0VUIC9wa2lvcHMvY2VydHMvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3J0IEhUVFAvMS4xDQpIb3N0OiB3d3cubWljcm9zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogaXQtaXQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogY29tLmFwcGxlLnRydXN0ZC8yLjANCg0K"}
01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077670653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077671150,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":0,"content_type":"","user_agent":"com.apple.trustd\/2.0"}}}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077680554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077680554,"pkt":"8BiYFWV8WNVuaKQACABFAAA0kqtAADkGyPYCFiHrwKgBeQBQ0pnFRlw2VotVeoAQAfyTkwAAAQEICoBeo0Q90fkq"}
01458{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077671150,"flow_dst_last_pkt_time":1626168077691567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1626168077691567,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com","domainame":"www.microsoft.com","http": {"url":"www.microsoft.com\/pkiops\/certs\/MicSecSerCA2011_2011-10-18.crt","code":200,"content_type":"application\/octet-stream","user_agent":"com.apple.trustd\/2.0"}}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168077734028,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077734028,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077734028,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAGezbAqAF5jFJxGtKRAbvAP+ze5D7DE4ARCAAudQAAAQEICj3R+WZAyN\/6"}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1626168077735142,"pkt":"WNVuaKQA8BiYFWV8CABFAABCGz0AAEARjT3AqAF5CAgICP69ADUALrrFTnABAAABAAAAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAE="}
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077735142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077735142,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"thread_ts_usec":1626168077749239,"pkt":"8BiYFWV8WNVuaKQACABFAACzStAAAHkRJDkICAgIwKgBeQA1\/r0An7qJTnCBgAABAAYAAAAACnRpbWUtbWFjb3MFYXBwbGUDY29tAAABAAHADAAFAAEAAAR8ABUIdGltZS1vc3gBZwdhYXBsaW1nwB3AMgABAAEAAANFAAQR\/Tb7wDIAAQABAAADRQAEEf1s\/cAyAAEAAQAAA0UABBH9bH3AMgABAAEAAANFAAQR\/TZ7wDIAAQABAAADRQAEEf02fQ=="}
01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168077749239,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com","domainame":"time-macos.apple.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["17.253.54.251,ttl=837","17.253.108.253,ttl=837","17.253.108.125,ttl=837","17.253.54.123,ttl=837"]}}}
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077750362,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168077750362,"pkt":"WNVuaKQA8BiYFWV8CABFAABMdJwAAEAR+uvAqAF5Ef02+8BAAHsAOBCpIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00971{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077750362,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168077750362,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077780464,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168077780464,"pkt":"8BiYFWV8WNVuaKQACABFAABMU7FAADcR5NYR\/Tb7wKgBeQB7wEAAOB9pJAED6wAAAAAAAAALU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mN1Ssd5+SX2Y3VLRfJ"}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077848613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1626168077848613,"pkt":"8BiYFWV8WNVuaKQACABFAABTEkpAADAGeM2MUnEawKgBeQG70pHkPsMTwD\/s34AYAEWx6wAAAQEICkDJEb890flmFQMDABpqQiSe8lZWsEgoTupah5UnGMUqJn8V431Q+A=="}
00934{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077848613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1626168077848613,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1626168077734028,"flow_dst_last_pkt_time":1626168077848617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168077848617,"pkt":"8BiYFWV8WNVuaKQACABFAAA0EktAADAGeOuMUnEawKgBeQG70pHkPsMywD\/s34ARAEUESgAAAQEICkDJEcA90flm"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1626168077848703,"flow_dst_last_pkt_time":1626168077848617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168077848703,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGe0LAqAF5jFJxGtKRAbvAP+zfAAAAAFAEAABu5gAA"}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168078653044,"flow_dst_last_pkt_time":1626168078653044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168078653044,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1626168078653044,"flow_dst_last_pkt_time":1626168078653044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1626168078653044,"pkt":"WNVuaKQA8BiYFWV8CABFAABGLVcAAEARex\/AqAF5CAgICMseADUAMgvmotEBAAABAAAAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAAB"}
01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168078653044,"flow_dst_last_pkt_time":1626168078653044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168078653044,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa","domainame":"235.33.22.2.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078653044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1626168078654016,"pkt":"WNVuaKQA8BiYFWV8CABFAABITn4AAEARWfbAqAF5CAgICMseADUANKzYlN8BAAABAAAAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAE="}
01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078653044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168078654016,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"26.113.82.140.in-addr.arpa","domainame":"26.113.82.140.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr": []}}}
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078673569,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078673569,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1626168078673569,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168078673569,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2aa\/F4bv+FAQEACuIgAAFwMDCRUAAAAAAAAAWfKHBs70qmO4BAxw\/KH76VJthsd+JmhEdw9LbrjkTjI9b3XfM0DMNLKHxmQFc1wZ9+v47IezDEajRVIeCS0iuwLsGsA3YBgKp65J4M20GnYw3QEoWxPt99213+KI1CclXQzaueofFw\/qIILvmneWSh5sBJstqbtZLD2cDfq2tFoUseLZtuSKYL5M6qSNwvarEAmysHZgT7Udi\/a0Qp07Np4WgFkq\/a9MQH22ift7VaKutQa0mJmP19SdWXTILAVbvhO3J6cdL9EqjePIeIkXKca0uVG2cDnC+ogcIBgWiBVq1pQlzG6pgHKD3PRA0vNoda3MJ0atx621R\/WKvfMZJYbQztqn6MP4oCdEaJloUS59wJjijiLCZEHV1oirlnS2nC0LRIMkV0xOr2eStcvbZVXw4nOKDQS6H4Zgv11KltQC1JnlZF3H2hfUzks7VZJ1piCl7JLEyNiXPboWZlWGmZoEaDAEUa\/zJI4IEULQtYV9J4jBVG0LIyT8dLpi5cgu5HSsaKdQTef+rQO01UnLW77pUjM2FuWnb+vOmbNg9vroOAp08oUd4WURirzl+3HYtCcfBI3wOCJwEWivMjawTzc9kqNg6MLXXDVodJ+9u6ySbjGo8wdF8Ujzicfc0DHPbSwSWwzi48Lx1Xv3zlCdNcfYFQi2USvaYTxC82pbJFTcLcjA75y5d4uDzJFLRDQQPcLYiW1zyuRecgn4v\/HoR\/nQn8q3KO2aunXtZjN2Sgwqa9bCj+P70uuLOr7LdCSf95Yuvv83BVkjI8LO\/K2GelZusfiw+ph2AM5v3nVCVFtVClMHt5LBbn90AGigLyLssV8usgvMte9WY2YO5RbaLrRuaQaZXq7xKP6I9rbLNl04xmGTkSwgMCnsYgpwvWgoxVEJKIK81LOzdRyjEIzviQKsdu5zYpaTUYn0gMWLbk8gisL6HsaNyyzZRZny4WG9c8rHaQ0AVF7OZHAfugm1G0Ya+4uTEO06lH0Y0luTPeZbk6BzWyTQN4kkdYJgzbQ\/H4fL96wAxDKYsoN4xb\/dNiL+rBxozbwW3E3YDpgsLBHEYXx\/9T+ZZByNcVhoanUoyeZR4La0nznczRNl0BSSAwop3ffF\/3weBpuyebCHd3nQY06YIOyKfw5o\/8+DIvbWrrftOtndpCOAfM8xK0ncs0qGgNDeHWSGhfqOCu4xsd1D6TNFpi+SoFxZbO162qCP1uQZqSIk3sB4T700Vag3Fmr5zAc2+Cy2sdC\/A9S2zr73WQ2tNqbvUTsm7mAOCy6fHXiJfrCMOm070Q3x\/hDA1F\/ri24teJTcz681Tpyzz98or8aBXhC1tirmfRKLeb1za5S0A5FpvCOErLaYZ7JnA2Hcnep7W9VvnkzVZD\/eh5PJxQTtMHNN3t73y3SocpYzsv4jecsMhINyJMQzKIZyFN7BeOFn3Icd72v79IVYW+OEMLTFGr\/z0a3l6KHAUNHg5OrTZy63kxeuj2oqpuTuGGW5OGR1vga0lB9LeT5DNs1fw4ET+3+xHSDQYEpIQCm73rmKpEzHnGvP6PaZFc3upw\/YvkfAML3GBWjg6BeNxYGhLgBq1U7bw1AAqe3KjEtHWznkCRp0j2b1yA1x473SNIk\/Tl0OU2uF4V2zDlzbygL3UGekyceZ9TOivgWvNEFgm3JDyB1JsgPkE1UA9Mb3RcUv6IS4oUKckZLMvYCqsp6JNk+hSM2SSYrjCpjVhAAYR\/Tw9J3qPbVuQ\/+0boJNNW9SXU3FXb1mu6\/UjowIaOU5yd1Ruw2HgKAG+TcnMQdTBDCV1Fn1s2Gos7GgJFmic+wrwQmUwvry3qcM4QfQn+KkqL+DVzAfZpY3UE5kKkQw09tvvvCnUub+fKLuuHs2xshp8SgWsVHUpe\/eGalaURu9E5+S5ef5NZPTZU4="}
01743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1626168078673569,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_usec":1626168078673569,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC1Absg2axnF4bv+FAYEAByKgAA8hiRnjTuMaDQEL+CLYj0enfAkHVnXO7nV5IzKiak6sLS6qxgDE4htK9g2bjk3R484+O\/m3LR4RiopAnWolcjfbrpfWVb1lMjRimj35IfoR0InDQcTV+lqM1hnbaRsbPul7kk7yp40mdnMbGeSdokyNlVd+Gc2o9y\/kRGCp\/RqZF8PhlnvFvIilO8yiVaTaBmaNQ2c5Ph9+sPKU5aFL1uQpdr\/lZqIfEq2kVgCrdBeDo4qNeeQzKtJNsLVSSXJNaa5EbU9xA4Gcwa59FEb+z5l5k6kMngz8ZNuAlqyaHzifpWW3O+gJvTHlQKGmobQMi8ii1K+B8azR0rME7gHuYp8j9KIa090V1eZVPAqukxBBhYGnGZkUnr+FDlf1ZK\/6jjt\/FM8rQ\/lbeUUBqVgsa+O\/WxUto3U7xUvYDA5nlmX+JiSIl7TX4qI+Ru0aN0Akmto\/YQCR\/ts7jv1DeYAK5L5Yy2Vh6PLRQ4c+Pa\/92Jj4DNdt3iyKVflpKtt14Zke3huw2c2HHz1srDVPgqGpJqA\/eD7864eDOp49Ft0Yeo1yo62XnCO2MSq34SmUewekOqz3llMeY3SFHNG\/SCIEenKOH+ZLswKCtHaL23XWktzPIAvtiPaUe8OQwJHr\/lbrWuPFkD\/U0II2V8NaPz4AVb17oDlmuZOeHOf8JZ5gjU14hPhQ0t944FAWUouPhqgHpug4J7fVHUyJ1W0HeNumJ7723SardKLRg5P7i3J2r6\/9HqflhjXWWoqO31j\/pyOLWOUftD3uTRP8P11Cr3jlNVHTXBld4hude0v33CDpTR\/mf09FhR1Yz1vcA7zHJhk+Hem4vzglb2dTx3BT6MRYPvgUON2zk99ErenQrEGfd6PyJWO5iWwsY0xU8meKY2Jp0LdAk9BxGhy3LU4uTxR4t614VXg7Le3F2XXuKmjbJsQgbVMUYhVkJ6JBcddg15aCLR+YYoWrYgjp+WThS8gLNpJaxaihLqA77pNdcaI187nN+luEpN2fsVBRr1v588oPOg6ugZIMvvQGM\/932ci9FWgh+Egtrp9jWvgwN6C+x\/6Ul9gPKwr35MQ2L88mYUnXuuDGVnTkJ6VTWgAawJ1AxcwiThWo3unPbjvr6pM+jswTV6XOO7V8+41tsMKM1s8WPQI+YtWq8fuv3wgnLtmndqFCNp"}
01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078673569,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":882,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2330,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078673569,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078673880,"flow_dst_last_pkt_time":1626168078673880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1448,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078673880,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
02503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1626168078673880,"flow_dst_last_pkt_time":1626168078673880,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168078673880,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC0AbvnBlzSyo5yyVAQEADxegAAFwMDCRUAAAAAAAAA26eDpJKN0BUxQmpzIi5g3ucuMMDrMgecHX\/CXiINnB6nf8RfrEh6QYh8SapIE51Wk64JXAUrOVrpUS79nUGqzqypD0Bb3GpnKslW+hVNJEAhzXjXlIms0Mdvn6rZf1ZDryhGsMaJdsIsDeqTE7cSjb\/AwDHg30Dyx\/033m2orYnQp+ZJ5N9NWzfNjr1H+vEJ2aGglmYbAeu\/eTtxNNfcP8qqdaUykL6lGIGhgLgYGMo5CMVqPKpBBKbvbUNBzJadRi9LHo18AgSCwBMZ6bHVYJDpuFL7e4MT+bXzL18TYFQOTCQfRi5j7DT1as0nLD6cQ0jKomb4NNz1M1ClcV55CitfGm0nMZU3GHOq9xlAFFOdfaUNUR+\/9UjqZ44ylRWAqJ6YHxWCQdtqMTvizXKZS4+o82xV4TJVbLkhSRuiz2uTEwwVxekQB2DDmh3GiR9Ye6GPUgczN\/oCVDwpIkKENeQcP\/6Pokh8HMAvZ2RSwo+VUg00wRguVh\/w3achjv22jf5I9GRZwEow5WUpfCf8lVnHG9wLFCzsLG1I8WMaT0TDTKmn7QoYLtSk2V04tAybQOMHVVI0hNhlfUXhSh+SCshPM17AY0UkKtRYcOa2eStGarsU2t5cfO840a2F+oCsIGDj3tvdR13INFmb7pHkKy+Q2V+4uyAMl+Ox8g+B18vuMUBFtZgxt4DO0uuOzFmplvXLtxD3fbrKuxl\/6k\/eCJsGdMUgzkQC\/tUwe4V3D4jZHwwQSFFI+17aKc3J7x1BEo6ekzNTJS1+B4LNLTfv+T0lK8gzRlr5u7\/zaM8tfLPPN37K2o1mRMRjA5iIukpvT8U5wOf5x\/TVVVdMA8FAaqdY6hLNRSvAFVtu5XaBHOcfP3sb1XSB1z4GRcUCgiJxv+lQFekTDU9BS5oGQCQcC+WphKRrfjCRy8ZZhWK9J\/fFGeUgxNdNGEWCyhtCDvzCtVbUxSi2WZ66rDdU3aSKcEOMnDfpPuQ3aNkoqkdkwbdMewaWAPifWpjrrxg90ieLTE7FgbcxFjvhr5lFLSoRBF\/iPJs6lHTLDkWB5y15f1r\/8ZLDb4IhW9FIX\/CLiZ6rpS0mHTHUE9vn\/9hAsmx46xOm3J34VvMgqFYNluvzn3dUGnNnv4rW9ETLU5nx9MjAInMLEQZjDDkNtlaMy4FrKcYLZYQdYzERpfoBvKuaTJfKsWfO7jgAn1v6gbrSWphH3cXzQjxw802J0V4QeazmBVGA0E6lG79pCNEO0uh2dgwktSmtwiCBclBc5tjf6nl4O1l4nqizShQRxCCIPprqlc5ewvpot0KzGllydHXYVwvl3NqOGVnDVbcYW6rsr9cNQcgn1WFKVBGaaHM+XgnvZNhqKSKSS\/JwnHZ96JaxzHCfl4G5C2cceJe1cA34Dat1FKEtweJ9xvHyrHpcm5q9Vkp7cv2o7Ygb+hipT+4C1cSkXBVesDC0+tvSXpCsG73FkouarVtpL+0PQKkzAR1yJgDVrUYv9JCem0QTLOVmTHZ+lN3HGmtyIJYoBu1J4ll241iHn4yj6vQ701Nb8mVXZ6EpF\/5V+Ojw4OShpQ9K4JNfmRah1H4u1+tm5sdLnJXJCnxd1z1bP35y0tiPSMOaFD7D36ftgNesfeblmbdO3QvYo5sZjH2g\/rkgDvWctEdVPFefeneKNa6YJtDm2B1tmPiPBA9Oq0w39UHoupp7PhIxW8KMg8k6pOGMjzQ6Lk23qZ2phXBaaIaaOL394fc7c7DxLl8DqdGBlLveqkkwCREFnxvKjAePN1cC1XOtq0lnaYt1kQ27UguJ0fER9DAfYowgtFCNAKFVeNA3gSi1AQ+OtFaANU7+ThFzU9jKVufQm+9414vvr6INHdHhMJCKTXzk4z8zZd0u+NZ05MVhtrOOr5TlUY0TGx+kJE8="}
01732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1626168078673881,"flow_dst_last_pkt_time":1626168078673880,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":936,"pkt_l4_len":902,"thread_ts_usec":1626168078673881,"pkt":"WNVuaKQA8BiYFWV8CABFAgOaAABAAEAGncbAqAF5NGKjEtC0AbvnBmJ6yo5yyVAYEADQ3AAA8smVcb3q7jInDMp6iu2tmr5Z01S6ktfb24g2DVivJvFFx18svOuqK0sgnY23ZGcWDPabxfRHCA4+gQkog41eD9Q+jY8o9PdPxSEJPwKKiq97+swgykYZPYYGmASILHqMJuZfByhEv3xViLnOQSEMlZhcFWZRFTusxMYced9WKWA0fc6Tz6HTt2Slu4vTvwt52pLlywDQ+moDsDqD4uzlqRKVGfUL\/ch1qgzh1ik3fV6dkbtg2JStfj9+0gWhw\/1tpp41Yq3ViTYYlVWsBAlK9383UtTU6832bkiivRikzvg6xlr6cUoD8pfbv255mX4wGzTGlmpvD4zQbPqZWm+dyGHA4KTjyuOM3iUOXvN2EIc4hSFWRtZSWhTg95jPk2WAmsedaTcdmQKZ2viJIrwprKiA8pqElIbad4UayJEEQ2rLEHe+6Rkn7weFiJ9Cf4UMQ6av+K70+Y96itdD4PDv0OKsC6tZfU\/tfc4I3DNLWON4dS6I+6zur216gRLFptPxg8nJaKRiptY9M7sohpWI5akHqMg98N8hf2hc0wH9zfT\/L5fz7Z9CQdyywynd2mPmUEW9OWFeYn4wEC\/gdxA80M9Zzf7uv0KAn+8LelSJkvdI3pBiv4FC333GGWS6fic1Zy4pYfk+L8GFZinANnaiXdJr7xAtMQ1GYOBWAHKoH+GJ8tU2xACRvM36EvIAH0I2RrIzXjHRnEOXkSC+CLSu8xyz6ePYQHWJqTeOV24udwyFiAkzDPh7H2SHxmU7LHZwkam8rX9zgmZLxdYHlhAD2yJRjuwO6msg2yZjsqwSwxdSZJhRunBsHb4p7DEvQLMPjpsbatjtgVN9T+qsCyHCJEkFmMU3QsxkCGtossZlWOQrLODqkaHoKbAV0ZeWnv1dwukSAWvNXFgALrC\/LDs9Yk\/0HHogbwj5gGNEDtJS+nkfi7bA8yoN5eCDO2Vffn4zk+ciDVKaCLhgHHzVMIfIKVrI1fMzRQLNYRDWjxKcqdipYwYp0PAI+b3Yx\/DzTVijfHkaedZRCvCw9VPw+QLgF0VkIyTaHhWJgvUO1Zj1YHqbkkNGKFdwVWPQGrGrq1LqA0g1BITMzZ35AcyWNuoGr66LZrtpjF+wDWVoz964kvXYU00tfXiJSAYozGe62YqD95apGcA76\/XZl5+SMB+fuqPf"}
01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078673881,"flow_dst_last_pkt_time":1626168078673880,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":882,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2330,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078673881,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
02516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1626168078674837,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168078674837,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2a\/ZF4bv+FAQEAAXNQAAFwMDDxEAAAAAAAAAWp5GeZKPSB7w816DdrEEqHX9aC+YviuGDPWPZX1hWzeJO56tAdFAhHB2CxgaqBUmTp67G7NpRBSOlgFCk7Rz2PSU2RjHkzQN9DEZnqJDnpBJTPsDp7SajTr4PwFG5UIWqi9zReh9EtkjrIng35h3QjPy5pgRGIggIUa\/zHocLpnIHnx2NID0uKUJhEdZqWE4pcslJgdX4YfRKdEPTj3+9rZ3sLr++gXqMzrFGQr9EQgG6\/tRgaivaU0aW0ztmvO3\/qkvcrzeXMhBZCC0bJVz2bEiKKLd+7L5\/eHqmfs1xGLoIVjqoCMrClOzLnCDeSqZPqsY8tiTWubYavu9O8jG+ez+5Hkdw5Zqb5fD9oP0Ibcl2RZkNVM95HmLc4YD76gl\/z1R4Pv\/X+\/YqfzUCuKlbPSA2rgZ1AV5JLooIc7Be\/pYYpsCuIChG0LSB3wA5uDyqmIr57tSP8OI\/758hiFPERZ62qSkcVdehrui9bd5qubE0mTze86LYcawTdiQmMEKmQRBM4+o\/tLRLdTTAHx+8vIwh6AzvixYQvN8Ez8hb+phV92bD5q6hI7M8\/JGEZPjzNU+xKD+ISfZsgEkV2kgA1pedlTeMVuH\/BZclBXFLL5qRfhqeOdjAoZ73FOd8rYWzIde9ssd7E5A+tydX+O9p3kJTnLjhtup7pO1JKqLG8qs7kj4hnoO0t81p9EOSvl36UbBJ\/\/ta9Ym0CAwPBXdG+wAoJE7kndX2G2xUen+Ixk8fIsE2mGGvoV1Us4DqJZlvb5kJ5nWps2iI9sPEuDCreKTajgn6cDATXaCOavuKfFgCBU7JO2xOSJglSq7B7a6Rdhau\/3b0GgchjkVWsL6KTcuabDbsB3hgBi88ZjqfwCY2Nb9XY\/bt2EvOKRb8ymRF+9JboUUDmnm0q\/gX\/KH1nOauqAmFBE3aLfeWKAmW\/ItfqIuivKY+YDdWjc0HTcG1YGSfVrjr6aDU6y2TemMpnTIWRCWpvy7K5WBLe5V6MFlmxWmTIqOmq2cAefJgEppNDtGK3uWqgpEtHWR7rX\/TY7ljVAdLTNKRs1CNLO9YQxubR3nk57cLpnXbrfj+v+Lj4KuWOQnGZWe\/F\/8TM6cKx8vWkZgNLvg7fWbclvvuNbfQRKs6H63c6ZScHSu30WlwdJca10PuaOw6kUS8+8NgGoTM6EEL\/iGpUGKZDRPOSrSaO1EzIgUat4tPz1jNP77yXzl++\/KXlg43EyAlQZOnRr\/NFgfM4gzLfr7lDMDA3E0lRT+v95g78gwDuwXQ7BBPnvAls+NQwZbP7V0m0BvQjEB6p0fzqeSFPDpYbzQ0ZX6GjzMOnlKuf61RRwzVqCy8gfKQUs3skC1gvLgCV41uMUPTEfGnxmlKSMMVedbAmX+sTsKmnVgrA25Xxx44Rnz4aF\/zFkDRBzvExZFLH6OXGMRXTSfsHLF31OKw0QjcHdXKZOHlLQlo\/rph7r52bcX5wKB3t7XosUhaCCO8kIb3nCkluBB+sXwJFoKumEHcqAVe9Z4M3C6DXD1eVQo5daa5wFvH9M6HZwbTveh7JVbvVN9W+ACJJ82iXxyheKmXUZCNDVrtQaESdZ59LGHrlE2HGCg9gGl6VFzZLygZFAEjriuVbNilai2NxLiYx9gUajnBWGV8FEvryyeJFk\/CE6DTkT5\/Kza\/2Cu73O0Rb9icER0MPyduoWRXyUIUkVQogDMSeWnU3q93wChqd9rGdeB4XXoIzzAE+R\/SRKrrCLHUwPWEq20rYRcseqENqusBQFpiEpsgV0CsZ5TY3+f7Z7A3Y\/FdWIGrpWpaXY666wWyBIvkxWFWygO7Vx3zPMA3tnlzCspk3L3LaW0mn2EnnX30PeY5vR3upafUEAXSo6G6QdKCFC0FARyFx\/T+JPasg5u4ToWCOaORH2gHwo="}
02506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1626168078674837,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168078674837,"pkt":"WNVuaKQA8BiYFWV8CABFAgXQAABAAEAGm5DAqAF5NGKjEtC1Absg2bWBF4bv+FAQEACQnAAABg3Zzi4vggcNtytBsa\/y8W09C94YMblGKIH6NGyxuw9AhR\/6a9h6iFULfEIL8f2wPFX8vQ1FhCQS9faxVejy82v+\/Y24pBSHLz0fpHcVQj47twKhv4o4e9J6LTMMwebwih73nj93eEE4OkuULY+Zba3mrHbJ\/b9WSfR9fzyF1ZjzdCNXgENYLSbHO5FfR3SSslJArrUhQcg0YDcpCPhiSLw+9eprXrL3pGMqitgsf+ybJAUow5In1lrNS7ModA9a508HJ1q+4bOvtCVDFVt+m6dQbAPTrvNpA8ZMc9dfhrLXusMeCrhUKLHQtLA+El\/OtpzERg2ZBD1oHIF9BE7L3XPj9\/wGHGPxF8LM6BB4XhO3ScTbDO3YX95BRK8oxXIcV6gc3MpgOttR1aowMZkUyXRFPegMD1p2B6igix1NfZjg59NahUpMK2X6LPSabtLpBsae5RPE2unNZCv7ChHhGmKXH6YBTyagzXhnnNsg\/V3WTKQJbGJsBgkjL39RWkdEWJD9m4ThkY98gR8dR+l7914R3nF21KLz9Y9Z92hu8WjIMk9WcblucomcRzHx038fsGO15oLTa8tIVRE9VGvYBDfBPLLO4vJ+ERreO3oIA+doJpSlt+Yaf9CBY8UMsPodzBz08fFo2GjZbFNWXp\/HAFogqiKIsv1nbJJdJVzeZ48PMmCGIqbA4f9OQ4kdpZaXbFeq4SeRD0rpPwHfjJihV3U9rikum2RoTbYdwkjuXFvaInSF6sKDoc1nvHfJsJhMpWg9sqRpQ\/5lonG38yPyCIBXvxAafCuXVJPACq+3J0Aisx66GQI2n5F6L7Z+kXjT3wZa0QCRCkplKbSsVaMhYiU8DwxaVwpNGHQW1C1GKxzuWf7jX8WTX+Q4cn89p8NXixxKc8ZoXP9HG8gk4kkyL067h2inFvnQowdib1a9xFDPNE5VlVgT7QXln9Qb3gRd5zIlDCH5XPu6AqQjUHWur6U\/C+Fdl6bzHDTCg5no91HtpZcetgEh9a8i1Nv\/KOQoxpMQyL3jiUihFhwvkr+mRuH3nidd0VRcR+jDlpMphos1c06ArJ42M51VXieeZGEsGBB8Epf\/CM5AL9TvOpZM9\/DWo5nG\/ZonL8SvTlOtLFay48MBsZht0lTGyrer36anRH3EbYE5epQYlFcXP2qjIgpmdouwyvjj+0weU+x5mJ267qlPMofyXUPZchLjJ1ykPjiTtOZfvWBEe7YV+gkY7rLRct\/j3LJBAIiF3Bm7uQ+7ZpkNfn6OQoaaDkTe4pb6F2coCrpVkENsDRD6qTfvgoU50yhZlYNth+nQRsOo\/p7Ii585gonSQCree0gdI1lf9ftC7hE46R6sfuCFynZ5rw+L+LdYXuy2FgUGyxLKwhjN2q8zh5SAb8dcBqZC7Fy25jkd9Hav1mNDwpye7KUqu4nv2fDVg8ncfWK8p2P5aVmRnPPLwyilh\/PzIEYXHHasS7VZUWCm2Xd1PhLqAj8I+EuVPfQaXa3dyW\/n4sG9ysqubc\/VhRm6KUIVittW2zT3gN9tDrUPutEnt7MZQKXTyzhlt9dutKPQ3AuYISq26FJXzaOBVVQcVknM8yNJ3uwOFP2ig8RpcNnoScTFFVWohKXZgKb7bnw70RvvEGpZQeRTrx2b5zVTc6OALsLoQo7uGIVXAaIFZDg83Vug\/qC8iBW8zYlncXpaX\/xfZ84JKGy5swgvIFn9bOs\/vcvRhvnTMYUUuUAArRgJlfPZmQXQwdAv0qu8zDVVh5LBgqEZ+LYybJIS35AAO3Fm+v+Iy723FHW6sl2EMlQBLN1ufUe07nbHiP9KC+gySTORRcN8n7NHH9McATLYzA8yKw\/GejTdY5+2YueymjpOZmgpS5j6GKBWoQxNkn6T\/e8STp+13HQe1O3UTDah8oMkN+d9iTxLSmLGccKvnXU="}
01859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1626168078674838,"flow_dst_last_pkt_time":1626168078673569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"thread_ts_usec":1626168078674838,"pkt":"WNVuaKQA8BiYFWV8CABFAgPuAABAAEAGnXLAqAF5NGKjEtC1Absg2bspF4bv+FAYEAChSgAA6zcFvjg39T7v6aU1oTrKOOK8XYwaCjnmPDN0aOw1fle0DN6vR8B+q3ZkAOmbHwGdbxUoAQ9WMAp+FThMCpaHfk+ven4+X74D9wq1\/R34VRGr9IMAK12qG0a6P4WEIBME29rbb09zoaFEXWsVyXglojA9uxPNRWOK+UZACqlOgrCTkqqvC0TutLKCrtdn7fQFre1stAatYLtW0J4BDk3N420vbKfZr99juKfaNShiQ5SrStungvotBCEft8t9kYa07Jj\/3dJcuuIJ149oTjaWka8IMh6ZEJN66\/UL9xdAoCvCaIvJuzPFDZpH8dhfZD7gIaxOi2kp8VNWrg3yxbYlEuNhyT4HUXnGpiybtg56dyIYW4k7IpBnm+WU59wD0HW4TuSl63f7rzYVtr7H\/JKy3VsaXCSccwPPrSjWAKSV6Rmqvn1vhKZRhVTsPnN7cx\/Oe+XNbwfRdDhctn74jYkyX5AoV\/tIXf\/FLAG+t8YbwDcn1boj+wGcJLnDM9jh6r75b13HgpI1DMO0Ek8bQtmUm8vSBjnyLJUen7OKZPXd1BynfnrRJizhv5qaNDgjh0x6CmLkMqz55oK2eTl6DysjJ1aHVRzguJLnMvUK2+4hr\/E1SJ0rZZZ2TVhniP7N1fiE3azi19jat\/PH\/x1r6M8BkkehdOksceoDjE+LcQxFB1DqscEhcgk\/Ox6dnVYejL7XRVDN6BGMef2PR1Eq1FQMVXi3J1qR5e\/9EbMC8V18lpazYJtaMycV5i6QgqOKq4sMs3DKtciweoy8Z\/zOlsU2nWL6HdNmkZNQzC2a5tpofRxzPaenR0Qtl8LJZTItcKWKKpjNIJkySGrbWvaKVkwLwE\/Klf5NKPQAZARj0+loIUOT6okycBzU881ulDZfhzLW8tXtHZ653dCRvQkHcwJDTNZQdiW6lh1KE84ZSXUOqYwiK8ljP23V\/djh+kmociGPGdARTbcbGby+FUBOvsSnukfGyZ4lK7Yfx6wvYbFb4vajblXPHXbrVBJvm\/oZ1jUu1xKjmUU84x7egq9wrkSReJrlt2BItkynye7ygQ9jMVKTDDcui1rzFntQ9Sv1CI+X\/Auutg75uQ+XJX9Y5h4zSA6WoZ7qz48mUmCb1c4a5Cv\/fgork6lhjSSBR7FDYP8gD4\/KBFZYAeeH1EhgIxc3vRUdL3YRNy+V4ya7t0GGZhNxpuzEsmtMQOK2GP6obfYSSQcvIvd\/wW+Ji\/ATL0Jds1cRLAc43fVJ25KWkYDq6kYiNuSabHLPcHDd9OOLHM8uqE7m86M\/"}
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1626168078674936,"flow_dst_last_pkt_time":1626168078673880,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1626168078674936,"pkt":"WNVuaKQA8BiYFWV8CABFAgT+AABAAEAGnGLAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078676716,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1626168078676716,"pkt":"8BiYFWV8WNVuaKQACABFAACFmUUAAHgR1vEICAgIwKgBeQA1yx4AcZEiotGBgAABAAEAAAAAAzIzNQIzMwIyMgEyB2luLWFkZHIEYXJwYQAADAABwAwADAABAABT5QAzDGEyLTIyLTMzLTIzNQZkZXBsb3kGc3RhdGljEmFrYW1haXRlY2hub2xvZ2llcwNjb20A"}
01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078676716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1626168078676716,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa","domainame":"235.33.22.2.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr": []}}}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1626168078654016,"flow_dst_last_pkt_time":1626168078677309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1626168078677309,"pkt":"8BiYFWV8WNVuaKQACABFAAB1fEAAAHgR9AYICAgIwKgBeQA1yx4AYfqwlN+BgAABAAEAAAAAAjI2AzExMwI4MgMxNDAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAA20ACEUbGItMTQwLTgyLTExMy0yNi1pYWQGZ2l0aHViA2NvbQA="}
00947{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078674838,"flow_dst_last_pkt_time":1626168078696281,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":882,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6192,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078696281,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1626168078674936,"flow_dst_last_pkt_time":1626168078697090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168078697090,"pkt":"8BiYFWV8WNVuaKQACABFAAAopbxAAPEGSn00YqMSwKgBeQG70LTKjnLJ5wZl7FAQCAWxfgAA"}
00947{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078674936,"flow_dst_last_pkt_time":1626168078697090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":882,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3568,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168078697090,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1626168078722553,"flow_dst_last_pkt_time":1626168078697090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1626168078722553,"pkt":"WNVuaKQA8BiYFWV8CABFAAT+AABAAEAGnGTAqAF5NGKjEtC0AbvnBmXsyo5yyVAYEACH9AAAFwMDBNEAAAAAAAAA3P9mE\/WxzRlzhJVvrME7arSt4cc4b80\/fLZ45lg2jTLN+h8OznVOp0v0YJHlvGb6zo1R0y0127nCMLhWICtDPy2FtY028GLgaBdr\/YLaP88jpPC2wcimHwfty2x4WKI+LPeYoEPRAYicmmTAxPlFzZuaf1iKs+Yu1pMdI4311+rTrqclcjjttiygU+MPtoh4rbcQQi4hllQZ9bpYWoVqJ+iSt2BigYH05vsyHmu879GAhVkohrBF89b4NLKyNAMo0\/QxqgG1rqZTGisx7FjNs8y8uxtw5iKWrSpnhwqsK8HdkzdODGF90yeLdn3CCNJgdm3aNHt1MWZ4JOUy5GzAb47y2cy051il96yYxnPjPoqHZ+sb8GqydD+Wdtw8hwTtkDW7xa7mACJTwuWOIU79l2oDnl63ylL8+JOFMkvCyqpvRSJQTp84k5efBKX3KzQjur4Xu79lO0LFF2NRDD6HkdNIzdZ6GrjQ6cfeKSx84X\/NzyeoBGfExOO\/4zYWpKYV5emN2qK2WwFz9V6yUT4FYCEpMENn4zKRUt2gX3+QJ3UggRDfQ8Atlul6XoqofW\/JfCf+PszhgtXLpc9QxVs3UVfeC+BCBsI\/evJsy+X2zvUBACJp1Cao7EAa\/un53A8cu1w+QQ\/3\/qpgFcwuebDk+bTd2XwEmQcRY5ntXb11cm+t6EgiuWMc8LtkZLW4g6Qk7C3exETENqr8qaKtA57iz69EbEaWfUTp590Cm1yhdVWnzQVccpyZRGULka\/D5PTiR6o3UCqpNAg8I43q9sRPGdaOzmk6LqC8kGMMj1N8P2DVYvcwJb3HB14BO5Blfb4kQNaSZCX81P5eekubMcrCkaYeLnnSigA4c2KBCJI0\/apWCuj0F93qKZChgzKT77EQe9PNeEwH9qa2yEnfxe42M9M\/dR+ZqezhwWXFtPpr0H\/z1rdkNoyBVAssfrasWrQx8flrDgnBIYD1460XCzVYLXxrhZgLoJb3EnAJ7vXCxsY0pXppBEZDDdim91oHmoHdPCYl0He7JYRSbPjtQSoUoTzcJp7PxKyOdGVLYBgNJz7zY+ZgHgZgGwjl0V0nqegEjC35a9y8SnKE63ljmDCyN8pWus5ViXGLvQ2Q\/1YgRAjjfufkIFVVjlXa01yHVzB76HDZ1tJk9CCm9ap34gzfAiHToNIXmogCeGqn2CdKyBeaiMSGkpYWcPn2x5217jPoRlFNQrlxxA+bM2VQvFdzsWSjAthvEYT8M0NKxSkvF5fH3eNJZYaUGLIiBrgIGbm4pAM\/x0xPOGKmtUmoLltnDzmkCbUcHYiWy3Y7nJHL865N2SK80a9Zp+7VINzLRf\/Ervx7NR7ytI7hPsERS2gR+t5ngZO4VMBVWlnWrW+Q0k4Q1KqCHh7RRwRxv5sH62zb+RmG6I1XbjkIiH\/fDv5F+LoUplAhBWHtQdc4gcY6R330O9wWahGV3oVm2bRxt8RZJJruLD1DYhwwT99J89GgAfYqHkYbcpYCi6LHqYqrQ6UmOTNERlSpwcXx4Ujj\/ftQuU3MAdSrHpDwvlJG8V3434OyaQQ78dblNHDOqOcIm3UL5vFVeeu11Ar10lwqpNk+NFgn+2DriZe1BIfTkQZAL4Pitnn2QjlLKFQ="}
02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078741395,"flow_dst_last_pkt_time":1626168078741532,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1318,"flow_src_tot_l4_payload_len":6192,"flow_dst_tot_l4_payload_len":5635,"midstream":1,"thread_ts_usec":1626168078741532,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4380.3,"max":66556,"stddev":14076.5,"var":198149200.0,"ent":1.7,"data": [0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1]},"pktlen": {"min":40,"avg":409.6,"max":1488,"stddev":443.8,"var":196953.1,"ent":4.3,"data": [1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82]},"bins": {"c_to_s": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1],"entropies": [7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168078802752,"flow_dst_last_pkt_time":1626168078815501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1312,"flow_src_tot_l4_payload_len":8443,"flow_dst_tot_l4_payload_len":4308,"midstream":1,"thread_ts_usec":1626168078815501,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8725.6,"max":48024,"stddev":14356.9,"var":206121952.0,"ent":3.3,"data": [1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955]},"pktlen": {"min":40,"avg":439.2,"max":1488,"stddev":490.6,"var":240677.5,"ent":4.2,"data": [1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52]},"bins": {"c_to_s": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0],"s_to_c": [4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1],"entropies": [7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079158693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079158693,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079158693,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168079158693,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KaAbvsuitsAAAAALAC\/\/8ZDgAAAgQFtAEDAwYBAQgKPdH+3gAAAAAEAgAA"}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079191811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079191811,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079191811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168079191811,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KbAbvR3yLxAAAAALAC\/\/88QgAAAgQFtAEDAwYBAQgKPdH+\/wAAAAAEAgAA"}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079158693,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079206860,"pkt":"8BiYFWV8WNVuaKQACABFAAA0JA1AAG0G9PUocQovwKgBeQG70ppkHrV27LorbYAS\/\/90QAAAAgQFoAEDAwgBAQQC"}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079207008,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079207008,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KaAbvsuittZB61d1AQEACk\/wAA"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079207901,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KaAbvsuittZB61d1AYEACJCgAAFgMBAgABAAH8AwMDKPIIMryvI0pEIYfkwpdZziP1ocCKGJOQqDIxBQeYkCDt7fbkdmYliTmJGei2O++fHAfoNoC5YkkDcTx0aHwyCgA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAoKCgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBRl1S9svmUTgvrEZzkNMujiVqHzc70acKshZGFVJo2UAAtAAIBAQArAAsK6uoDBAMDAwIDAWpqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079206860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079207901,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079191811,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079243524,"pkt":"8BiYFWV8WNVuaKQACABFAAA0S\/NAAG0GzQ8ocQovwKgBeQG70pvEiS5w0d8i8oAS\/\/++MAAAAgQFoAEDAwgBAQQC"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079243607,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079243607,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KbAbvR3yLyxIkucVAQEADu7wAA"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079243987,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KbAbvR3yLyxIkucVAYEABrKgAAFgMBAgABAAH8AwO1hBGpy3+S+rRxjgLBoJRVX7qoCeE+Ka2HorEpSKj6nCDqF1HdOAmp+O3EFYLMuwKar2f6dybtNo9WKAZ2qmv1OQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfdraAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAqamgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACmamgABAAAdACAOdhFnUVLJQSE5jPczjbh5JY+1ipK3sAvXRLyv18O4ewAtAAIBAQArAAsKenoDBAMDAwIDAQoKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079243524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079243987,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255800,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079255800,"pkt":"8BiYFWV8WNVuaKQACABFAAXQJA5AAG0G71gocQovwKgBeQG70ppkHrV37LotclAQCAMYcQAAFgMDDxACAABaAwNg7VsPNbhpFtTs7XlFPY0F\/axpZerVj9YBcE+6IZbpaCDaJAAAnEXh\/2sue2V5EkUlKI\/sfD0TnXJr82bTBEVV7cAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079207901,"flow_dst_last_pkt_time":1626168079255807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079255807,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079243987,"flow_dst_last_pkt_time":1626168079296976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168079296976,"pkt":"8BiYFWV8WNVuaKQACABFAAXQS\/RAAG0Gx3IocQovwKgBeQG70pvEiS5x0d8k91AQCANyPQAAFgMDDxACAABaAwNg7VsP3ihfIbejS7d9r9O+Hbrzpqz3vHyWDIaorK6SRyBlFwAAe5OeINT99eUZefJSf4c9dr\/N0A1TNqki1Z9hoMAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079297042,"flow_dst_last_pkt_time":1626168079297122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168079297122,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168079361941,"pkt":"WNVuaKQA8BiYFWV8CABFAABM2zIAAEARlFXAqAF5Ef02+8RwAHsAOAx5IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079361941,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079361941,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079391889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168079391889,"pkt":"8BiYFWV8WNVuaKQACABFAABMVlxAADcR4isR\/Tb7wKgBeQB7xHAAOKCnJAED6wAAAAAAAAAMU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mPcazl\/+SX2Y9xr5E6"}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168078677309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1626168079653752,"pkt":"WNVuaKQA8BiYFWV8CABFAABHgX8AAEARJvbAqAF5CAgICMseADUAM5vfbTUBAAABAAAAAAAAAjE4AzE2MwI5OAI1Mgdpbi1hZGRyBGFycGEAAAwAAQ=="}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079905490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079905490,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079905490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168079905490,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KcAbuMyd8CAAAAALAC\/\/\/ChQAAAgQFtAEDAwYBAQgKPdIBvwAAAAAEAgAA"}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079937697,"flow_dst_last_pkt_time":1626168079937697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079937697,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1626168079937697,"flow_dst_last_pkt_time":1626168079937697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168079937697,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KdAbvq1sJRAAAAALAC\/\/+BCAAAAgQFtAEDAwYBAQgKPdIB3wAAAAAEAgAA"}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079905490,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079957007,"pkt":"8BiYFWV8WNVuaKQACABFAAA0g1dAAG0GlasocQovwKgBeQG70pxuzvrNjMnfA4AS\/\/\/QkQAAAgQFoAEDAwgBAQQC"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079957076,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079957076,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KcAbuMyd8Dbs76zlAQEAABUQAA"}
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079957351,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KcAbuMyd8Dbs76zlAYEABDlgAAFgMBAgABAAH8AwMgbPK9I4TzFoyQdXNftSqLtc4HmFOyqsEZQJHzzYzlriAqNEHSztqcrM\/D+veI5\/m+1rARfQ5p00F5SiZjrJVo+AA2uroTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfUpKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAApaWgAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArAClaWgABAAAdACB6JGjBUt+g7AvFg+oGELCVd0olZyOpZz8HyaRohlR6AwAtAAIBAQArAAsK2toDBAMDAwIDAVpaAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168079957007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079957351,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1626168079937697,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168079986558,"pkt":"8BiYFWV8WNVuaKQACABFAAA0TOVAAG0GzB0ocQovwKgBeQG70p13uqY86tbCUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1626168079986635,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168079986635,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KdAbvq1sJSd7qmPVAQEAALmQAA"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168079986894,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KdAbvq1sJSd7qmPVAYEACgHwAAFgMBAgABAAH8AwOafk3P0X6QUcg58fAxSEB8O5EwTuSV\/5piw2ufBOQSYCDrIYHGunI6VpocdN6m2fIsEnR2dW7f2uA5iXmzb9sA0AA26uoTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAArq6gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACnq6gABAAAdACCtOcDu7VvNq8oOkM1M85JEhe8H5v1SSt5Ji5AGSpEzHgAtAAIBAQArAAsKuroDBAMDAwIDASoqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168079986558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168079986894,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079957351,"flow_dst_last_pkt_time":1626168080007051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080007051,"pkt":"8BiYFWV8WNVuaKQACABFAAXQg1hAAG0GkA4ocQovwKgBeQG70pxuzvrOjMnhCFAQCANf0wAAFgMDDxACAABaAwNg7VsQ1pfr38OYTI5xjO1At1qrE0i1jUK28rRezGoaCyDGBwAAykBbzWGIy8rqbcJLhgaZ3hDQ5FOt+EPYGhMNVsAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080007157,"flow_dst_last_pkt_time":1626168080007331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080007331,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080036867,"pkt":"8BiYFWV8WNVuaKQACABFAAXQTOZAAG0GxoAocQovwKgBeQG70p13uqY96tbEV1AQCAPSSgAAFgMDDxACAABaAwNg7VsQPRGFUXV4NTK5nbpfGxvlr4YbH3NCue852uw1MyDiJQAAknLiqu\/0vHjzbE6U5Wh7dwDBQ2qUtxPCs6ZnSsAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168079986894,"flow_dst_last_pkt_time":1626168080036872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080036872,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080092272,"pkt":"WNVuaKQA8BiYFWV8CABFAABMx3MAAEARqBTAqAF5Ef02+\/5LAHsAONKdIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080092272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080092272,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080122102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080122102,"pkt":"8BiYFWV8WNVuaKQACABFAABMV31AADcR4QoR\/Tb7wKgBeQB7\/ksAOLQqJAED6wAAAAAAAAANU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQLKsA6OSX2ZAsrLL1"}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080539548,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080539548,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080539548,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168080539548,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KeAbvRcN5sAAAAALAC\/\/97\/QAAAgQFtAEDAwYBAQgKPdIENAAAAAAEAgAA"}
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080569908,"flow_dst_last_pkt_time":1626168080569908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080569908,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080569908,"flow_dst_last_pkt_time":1626168080569908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1626168080569908,"pkt":"WNVuaKQA8BiYFWV8CABFAABAAABAAEAGRffAqAF5KHEKL9KfAbtYRRqJAAAAALAC\/\/+47QAAAgQFtAEDAwYBAQgKPdIEUgAAAAAEAgAA"}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080539548,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080587652,"pkt":"8BiYFWV8WNVuaKQACABFAAA0frdAAG0GmksocQovwKgBeQG70p4gI5AJ0XDebYAS\/\/9F7gAAAgQFoAEDAwgBAQQC"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080587719,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080587719,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KeAbvRcN5tICOQClAQEAB2rQAA"}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080587994,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KeAbvRcN5tICOQClAYEAAMdQAAFgMBAgABAAH8AwPMjYIsgAQp6pn3ZtQXAiaGKm\/rmXKTkqMv3ljJ+5MIayAtgt8PaC6+AbFrQYAXJm2rRzFyWGNBrmBWTNsT5nam3wA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfYqKAAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAra2gAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACBerNIBvIcNw8LE\/PhOJJ1NcP0K+YPLbp6TK\/l72MTiJQAtAAIBAQArAAsKuroDBAMDAwIDAerqAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080587652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080587994,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080569908,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168080617186,"pkt":"8BiYFWV8WNVuaKQACABFAAA0hXNAAG0Gk48ocQovwKgBeQG70p8W6XtBWEUaioAS\/\/+g\/gAAAgQFoAEDAwgBAQQC"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1626168080617265,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168080617265,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoAABAAEAGRg\/AqAF5KHEKL9KfAbtYRRqKFul7QlAQEADRvQAA"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1626168080617623,"pkt":"WNVuaKQA8BiYFWV8CABFAAItAABAAEAGRArAqAF5KHEKL9KfAbtYRRqKFul7QlAYEACyQgAAFgMBAgABAAH8AwM03dkqNEVfsVa2AthcA+pbUsijyUyY2d64e5OAJVmG1SAeuh8Osv1FCBNVAHQS7imShqcMBm8Zp+TsRBclD8tdEQA2KioTARMCEwPALMArzKnAMMAvzKjAJMAjwArACcAowCfAFMATAJ0AnAA9ADwANQAvwAjAEgAKAQABfbq6AAAAAAAXABUAABJ3ZGNwLm1pY3Jvc29mdC5jb20AFwAA\/wEAAQAACgAMAAq6ugAdABcAGAAZAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQASAAAAMwArACm6ugABAAAdACDlACMA3\/CIa29aVDTicFGCShqJK7VgcOuJMJ73UOtPegAtAAIBAQArAAsKKioDBAMDAwIDAcrKAAEAABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080617186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080617623,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080639024,"pkt":"8BiYFWV8WNVuaKQACABFAAXQfrhAAG0GlK4ocQovwKgBeQG70p4gI5AK0XDgclAQCAN8ogAAFgMDDxACAABaAwNg7VsQq\/CAoDwacZtQhsI4Gak5tQl3Guhn7+5+Dn36YCDBRwAAHWtVq2hn1QPrjqQsaKVRhJJvFksZnJMqyuj60cAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080587994,"flow_dst_last_pkt_time":1626168080639030,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080639030,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"thread_ts_usec":1626168080666081,"pkt":"8BiYFWV8WNVuaKQACABFAAXQhXRAAG0GjfIocQovwKgBeQG70p8W6XtCWEUcj1AQCAMG0QAAFgMDDxACAABaAwNg7VsQnrej6hQdjxxCIt\/S3WS6bxuZx\/7n5fuTboeL2yDYPgAAtMdAptxolJXPN3G6KdiJmQf+ymwgaiqIU\/n4ycAwAAASABAABQADAmgyABcAAP8BAAEACwANPQANOgAGWDCCBlQwggQ8oAMCAQICEzMAAAGhFNmi4Bj2ZNgAAAAAAaEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQ0EgMjAxMTAeFw0yMDEyMTAxOTM4MjhaFw0yMjAzMTAxOTM4MjhaMIGRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xGzAZBgNVBAMTEndkY3AubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOkHJlgWrSzAFrX83Oz7Jff3NVg96hCQZ69IexHupj0GkzwiXhQIO71fKkr7Kqm1WcisY8\/bPESCERxoecnjrEXP5xC+nWwBZ2xAGcS2xf2lDfb3ojPscL8POiFAqZZHABHMJ137xSezEsjP3\/UVK7+29gP5pREnxjAcWJZP4M25mntCxwsCvqSwGZrxvbDvqzdpS8cMBeBr6IH3l1N47f0imyWivnhNqNTnm+gnvVEut9DQRYxoyCQoNRX0BwihLn7XKkqygwZL6XOqyBR8PWUxgOmNRZtuaf+EKlzHoVXFjB0qaH9zcfdePgLSLwQhUC7d4Qx9E37IA1bqchuQinUCAwEAAaOCAbUwggGxMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJhmJRLgkv+EPJFz2j2U5PsBrhq6MHsGA1UdEQR0MHKCEndkY3AubWljcm9zb2Z0LmNvbYIVc3B5bmV0Mi5taWNyb3NvZnQuY29tghV3ZGNwYWx0Lm1pY3Jvc29mdC5jb22CF3NweW5ldGFsdC5taWNyb3NvZnQuY29tghUqLmNwLndkLm1pY3Jvc29mdC5jb20wHwYDVR0jBBgwFoAUNlaJZUnLW5svPKxCFlBNkbkz15EwUwYDVR0fBEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljU2VjU2VyQ0EyMDExXzIwMTEtMTAtMTguY3JsMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNTZWNTZXJDQTIwMTFfMjAxMS0xMC0xOC5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAgBy+4NyiXz17HWRiy7gptQ5HtKjDP9KLLYVjGOPcJJhg1+n2OLEmCWQE9cmg0oxQe+atZtwwoZf0GNRNfFaUZvqXO9QDINhw9ZHhfxfryK1ED0sZ9\/czli9iT7uENPgHhTHiroOYjXEdXArbmFhfRIqebyjKi1ij7OhMO1av44zaxLOUH52BuINsUXniP4tgPfsAdMOtnq4za+7ktu7gsO7KPjDKKs4Su3dOdvJMwlLM96MXgS10+Z3CDPXxRWowfiwsc77b8cHqJTArExduL\/wfGJ2fIqo0nhAxVl5PmForgsE="}
01907{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080617623,"flow_dst_last_pkt_time":1626168080666086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168080666086,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wdcp.microsoft.com","domainame":"wdcp.microsoft.com","tls": {"version":"TLSv1.2","server_names":"wdcp.microsoft.com,spynet2.microsoft.com,wdcpalt.microsoft.com,spynetalt.microsoft.com,*.cp.wd.microsoft.com","ja3s":"17e97216fa7f4ec8c43090c6eed97c25","ja4":"t13d2613h2_2802a3db6c62_845d286b0d67","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wdcp.microsoft.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"81:41:67:66:7E:A9:1B:AA:61:3D:DE:D1:41:E7:17:13:CE:C4:3B:22","blocks":0}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080732598,"pkt":"WNVuaKQA8BiYFWV8CABFAABMaD0AAEARB0vAqAF5Ef02+94hAHsAOPLHIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00972{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080732598,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168080732598,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"version":4,"mode":3}}}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080762577,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1626168080762577,"pkt":"8BiYFWV8WNVuaKQACABFAABMWKVAADcR3+IR\/Tb7wKgBeQB73iEAOEmOJAED6wAAAAAAAAAOU0hNAOSX2YmMm6TtAAAAAAAAAADkl9mQ0KMdvOSX2ZDQo9j2"}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081935817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081935817,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081935817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1626168081935817,"pkt":"8BiYFWV8WNVuaKQACABFAgBT\/jUAADoGG+iC0yGRwKgBeQG70LhXNR5OnF8A9oAYAQrx0QAAAQEICrTFhOw90eMiFwMDABoAAAAAAAAALjbyzjKtkrWGo0S+7wFfhufrwQ=="}
00941{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081935817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081935817,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081936024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168081936024,"pkt":"WNVuaKQA8BiYFWV8CABFAAA0AABAAEAG1D7AqAF5gtMhkdC4AbucXwD2VzUebYAQCAChqQAAAQEICj3SCZ60xYTs"}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1626168081935817,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1626168081936349,"pkt":"WNVuaKQA8BiYFWV8CABFAgBXAABAAEAG1BnAqAF5gtMhkdC4AbucXwD2VzUebYAYCABxCwAAAQEICj3SCZ60xYTsFwMDAB6jdVHReZkUes0n0uJUluEta6fWXjhtBJq5oBbOx1I="}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1626168081946770,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1626168081946770,"pkt":"8BiYFWV8WNVuaKQACABFAAA0\/kAAADoGG\/6C0yGRwKgBeQG70LhXNR5tnF8BGYAQAQqoaAAAAQEICrTFhQA90gme"}
01012{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077415370,"flow_src_last_pkt_time":1626168077415370,"flow_dst_last_pkt_time":1626168077439746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":53884,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168080732598,"flow_src_last_pkt_time":1626168080732598,"flow_dst_last_pkt_time":1626168080762577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":56865,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604997,"flow_src_last_pkt_time":1626168077604997,"flow_dst_last_pkt_time":1626168077633946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":54561,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net"}}
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993721,"flow_src_last_pkt_time":1626168077017862,"flow_dst_last_pkt_time":1626168075993721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip6","src_ip":"fe80::1059:a858:f9e7:cf94","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077413785,"flow_src_last_pkt_time":1626168077413785,"flow_dst_last_pkt_time":1626168077486637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":208,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wdcp.microsoft.com"}}
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077604858,"flow_src_last_pkt_time":1626168077604858,"flow_dst_last_pkt_time":1626168077619979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":108,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":108,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":55578,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e13678.dscb.akamaiedge.net"}}
00938{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074928929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01283{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077620854,"flow_src_last_pkt_time":1626168077673300,"flow_dst_last_pkt_time":1626168077673225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":1944,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}}
01283{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077660456,"flow_src_last_pkt_time":1626168077704270,"flow_dst_last_pkt_time":1626168077704176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"2.22.33.235","src_port":53913,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP.Microsoft365","proto_id":"7.219","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"www.microsoft.com"}}
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590442,"flow_src_last_pkt_time":1626168077590442,"flow_dst_last_pkt_time":1626168077622136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":202,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":202,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":58161,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168080092272,"flow_src_last_pkt_time":1626168080092272,"flow_dst_last_pkt_time":1626168080122102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":65099,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607953,"flow_src_last_pkt_time":1626168076607953,"flow_dst_last_pkt_time":1626168076607953,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076607950,"flow_src_last_pkt_time":1626168076607950,"flow_dst_last_pkt_time":1626168076607950,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"time-macos.apple.com"}}
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077441399,"flow_src_last_pkt_time":1626168077441399,"flow_dst_last_pkt_time":1626168077507825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65492,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com"}}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168081935817,"flow_src_last_pkt_time":1626168081946770,"flow_dst_last_pkt_time":1626168081936349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":35,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"130.211.33.145","dst_ip":"192.168.1.121","src_port":443,"dst_port":53432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1626168077734028,"flow_src_last_pkt_time":1626168077848703,"flow_dst_last_pkt_time":1626168077848617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"140.82.113.26","src_port":53905,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1626168075993609,"flow_src_last_pkt_time":1626168077017501,"flow_dst_last_pkt_time":1626168075993609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.139","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":43,"flow_first_seen":1626168078673880,"flow_src_last_pkt_time":1626168079052494,"flow_dst_last_pkt_time":1626168079052362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1312,"flow_src_tot_l4_payload_len":19952,"flow_dst_tot_l4_payload_len":9356,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":38,"flow_first_seen":1626168078673569,"flow_src_last_pkt_time":1626168078822590,"flow_dst_last_pkt_time":1626168078826328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1318,"flow_src_tot_l4_payload_len":9829,"flow_dst_tot_l4_payload_len":7799,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.98.163.18","src_port":53429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077750362,"flow_src_last_pkt_time":1626168077750362,"flow_dst_last_pkt_time":1626168077780464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":49216,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168079361941,"flow_src_last_pkt_time":1626168079361941,"flow_dst_last_pkt_time":1626168079391889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":48,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":48,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"17.253.54.251","src_port":50288,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168077469097,"flow_src_last_pkt_time":1626168077704327,"flow_dst_last_pkt_time":1626168077750960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168077506382,"flow_src_last_pkt_time":1626168077704386,"flow_dst_last_pkt_time":1626168077753728,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53911,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079158693,"flow_src_last_pkt_time":1626168079264240,"flow_dst_last_pkt_time":1626168079311305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079191811,"flow_src_last_pkt_time":1626168079302510,"flow_dst_last_pkt_time":1626168079355098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1626168079905490,"flow_src_last_pkt_time":1626168080050576,"flow_dst_last_pkt_time":1626168080098887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53916,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168079937697,"flow_src_last_pkt_time":1626168080051297,"flow_dst_last_pkt_time":1626168080098602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53917,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080539548,"flow_src_last_pkt_time":1626168080646797,"flow_dst_last_pkt_time":1626168080694014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01127{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1626168080569908,"flow_src_last_pkt_time":1626168080682572,"flow_dst_last_pkt_time":1626168080730590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3861,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"40.113.10.47","src_port":53919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft365","proto_id":"91.219","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01009{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01011{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077590364,"flow_src_last_pkt_time":1626168077590364,"flow_dst_last_pkt_time":1626168077604344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":247,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.microsoft.com"}}
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168076015959,"flow_src_last_pkt_time":1626168076015959,"flow_dst_last_pkt_time":1626168076015959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_companion-link._tcp.local"}}
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1626168078653044,"flow_src_last_pkt_time":1626168079653752,"flow_dst_last_pkt_time":1626168079674037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":323,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":51998,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"235.33.22.2.in-addr.arpa"}}
01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1626168075664939,"flow_src_last_pkt_time":1626168076655532,"flow_dst_last_pkt_time":1626168076674265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":749,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":52251,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"60.21.149.52.in-addr.arpa"}}
00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":315,"packets-processed":315,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":26,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":252,"global_ts_usec":1626168081946770}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 315/315
~~ skipped flows.............: 0
~~ total layer4 data length..: 95708 bytes
~~ total detected protocols..: 33
~~ total active/idle flows...: 35/35
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8632891 bytes
~~ total memory freed........: 8632891 bytes
~~ total allocations/frees...: 145576/145576
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 537 chars
~~ json message max len.......: 2529 chars
~~ json message avg len.......: 1533 chars
|