path: root/test/results/default/tls_heur__vmess-tcp-tls.pcapng.out
blob: d5050c3fe9a81279a9ff0a7b5a57882c2eed77d0 (plain)
00630{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00851{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725132050807636}
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050807636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807636,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807636,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwowkAAQAYT+H8AAAF\/AAABnMgEOHy9vSYAAAAAoAL68P4wAAACBAW0BAIICoRbnDUAAAAAAQMDBw=="}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050807636,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050807653,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDicyAJPxIx8vb0noBL+iP4wAAACBAW0BAIICoRbnDWEW5w1AQMDBw=="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050807667,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050807667,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQow0AAQAYT\/38AAAF\/AAABnMgEOHy9vScCT8SNgBAB9v4oAAABAQgKhFucNYRbnDU="}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050807747,"flow_dst_last_pkt_time":1725132050807653,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":72,"pkt_l4_len":36,"thread_ts_usec":1725132050807747,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADgoxEAAQAYT+n8AAAF\/AAABnMgEOHy9vScCT8SNgBgB9v4sAAABAQgKhFucNYRbnDUFAgAB"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050807747,"flow_dst_last_pkt_time":1725132050807759,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050807759,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADT8tUAAQAZADH8AAAF\/AAABBDicyAJPxI18vb0rgBAB\/v4oAAABAQgKhFucNYRbnDU="}
00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050807747,"flow_dst_last_pkt_time":1725132050808089,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725132050808089,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809269,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEg2zUAAQBEFon8AAAF\/AAA1tdQANQA0\/nvt0QEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809269,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809269,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809288,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEg2zkAAQBEFoX8AAAF\/AAA1tdQANQA0\/ntG1QEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050809269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809288,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809501,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809501,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEhwxQAAQBGE28CoAbfAqAH9wpkANQA0hUrEigEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkFwAAAAAAAAA=="}
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050809501,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809501,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809672,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725132050809672,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEhbqgAAQBGZ9sCoAbfAqAH9o80ANQA0hUqLXAEAAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkFwAAAAAAAAA=="}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050809672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050809672,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":253,"pkt_l4_len":217,"thread_ts_usec":1725132050810429,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAO1doUAAQBFXWsCoAf3AqAG3ADXCmQDZ+UbEioGAAAEACQAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAADaABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20AwC0AAQABAAAAvQAE2DrMjsAtAAEAAQAAAL0ABNg6zO7ALQABAAEAAAC9AATYOs0uwC0AAQABAAAAvQAEjvq0rsAtAAEAAQAAAL0ABNg60S7ALQABAAEAAAC9AASO+9EuwC0AAQABAAAAvQAEjvvRDsAtAAEAAQAAAL0ABI76tI4AACkE0AAAAAAAAA=="}
01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050810429,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"thread_ts_usec":1725132050810814,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAN1dokAAQBFXacCoAf3AqAG3ADWjzQDJi4WLXIGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAADaABkKeW91dHViZS11aQFsBmdvb2dsZQNjb20AwC0AHAABAAAA2gAQKgAUUEACBBAAAAAAAAAgDsAtABwAAQAAANoAECoAFFBAAgQRAAAAAAAAIA7ALQAcAAEAAADaABAqABRQQAIEFAAAAAAAACAOwC0AHAABAAAA2gAQKgAUUEACCAkAAAAAAAAgDgAAKQTQAAAAAAAA"}
01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050810814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":6,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr": ["2a00:1450:4002:410::200e,ttl=218","2a00:1450:4002:411::200e,ttl=218","2a00:1450:4002:414::200e,ttl=218","2a00:1450:4002:809::200e,ttl=218"]}}}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810818,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":250,"pkt_l4_len":214,"thread_ts_usec":1725132050810818,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAOr\/ZEAAARF7aH8AADV\/AAABADW11ADW\/x3t0YGAAAEACQAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAADaABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAAvQAE2DrMjsAtAAEAAQAAAL0ABNg6zO7ALQABAAEAAAC9AATYOs0uwC0AAQABAAAAvQAEjvq0rsAtAAEAAQAAAL0ABNg60S7ALQABAAEAAAC9AASO+9EuwC0AAQABAAAAvQAEjvvRDsAtAAEAAQAAAL0ABI76tI4AACn\/1gAAAAAAAA=="}
01210{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1725132050810818,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["216.58.204.142,ttl=189","216.58.204.238,ttl=189","216.58.205.46,ttl=189","142.250.180.174,ttl=189"]}}}
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810967,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725132050810967,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANr\/ZUAAARF7d38AADV\/AAABADW11ADG\/w1G1YGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAADaABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAAA2gAQKgAUUEACBBAAAAAAAAAgDsAtABwAAQAAANoAECoAFFBAAgQRAAAAAAAAIA7ALQAcAAEAAADaABAqABRQQAIEFAAAAAAAACAOwC0AHAABAAAA2gAQKgAUUEACCAkAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050813050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050813050,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813050,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEF6yEAAQBHBrX8AAAF\/AAA1w80ANQAt\/nTqbwEgAAEAAAAAAAEEdGVzdANsYW4AABwAAQAAKQTQAAAAAAAA"}
01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050813050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813050,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050813192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813192,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050813192,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813192,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEG1P0AAQBGHNn8AAAF\/AAA1sM4ANQAt\/nT9XAEgAAEAAAAAAAEEdGVzdANsYW4AAAEAAQAAKQTQAAAAAAAA"}
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050813192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813192,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813406,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813406,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813406,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":58009,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813406,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813406,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEH\/CQAAQBH2ncCoAbfAqAH94pkANQAthUNDAwEAAAEAAAAAAAEEdGVzdANsYW4AABwAAQAAKQXAAAAAAAAA"}
01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813406,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813406,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813406,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":58009,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050813503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813503,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050813503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813503,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAEHBgwAAQBE0JMCoAbfAqAH9pfUANQAthUPBnQEAAAEAAAAAAAEEdGVzdANsYW4AAAEAAQAAKQXAAAAAAAAA"}
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050813503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050813503,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813923,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050813923,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAEFdo0AAQBFYBMCoAf3AqAG3ADXimQAtIcxDA4GAAAEAAAAAAAEEdGVzdANsYW4AABwAAQAAKQTQAAAAAAAA"}
01096{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813406,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050813923,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":58009,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"thread_ts_usec":1725132050814218,"pkt":"AAAAAQAG3KYyW3JVAAAIAEUAAFFdpEAAQBFX88CoAf3AqAG3ADWl9QA9nLvBnYWAAAEAAQAAAAEEdGVzdANsYW4AAAEAAcAMAAEAAQAAAAAABH8AAAEAACkE0AAAAAAAAA=="}
01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050814218,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["127.0.0.1,ttl=0"]}}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050816698,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1725132050816698,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEH\/aEAAARF8DX8AADV\/AAABADXDzQAt\/nTqb4GAAAEAAAAAAAEEdGVzdANsYW4AABwAAQAAKf\/WAAAAAAAA"}
01089{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050816698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050816698,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"thread_ts_usec":1725132050816780,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAFH\/aUAAARF7\/H8AADV\/AAABADWwzgA9\/oT9XIGAAAEAAQAAAAEEdGVzdANsYW4AAAEAAcAMAAEAAQAAAAAABH8AAAEAACn\/1gAAAAAAAA=="}
01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050816780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan","domainame":"test.lan","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr": ["127.0.0.1,ttl=0"]}}}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050816926,"flow_dst_last_pkt_time":1725132050816926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050816926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050816926,"flow_dst_last_pkt_time":1725132050816926,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050816926,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwSt0AAQAYqA38AAAF\/AAAB4hIE0oWuNnAAAAAAoAL68P4wAAACBAW0BAIICoRbnD4AAAAAAQMDBw=="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050816926,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050816944,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNLiEjFAczCFrjZxoBL+iP4wAAACBAW0BAIICoRbnD6EW5w+AQMDBw=="}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050816958,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050816958,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQSuEAAQAYqCn8AAAF\/AAAB4hIE0oWuNnExQHMxgBAB9v4oAAABAQgKhFucPoRbnD4="}
00943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":346,"pkt_l4_len":310,"thread_ts_usec":1725132050847484,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAUoSuUAAQAYo838AAAF\/AAAB4hIE0oWuNnExQHMxgBgB9v8+AAABAQgKhFucXIRbnD4WAwEBEQEAAQ0DA30EqsQ+BgaZ\/NZ2sl5LiKqVzr2U1xOlxN3yXjWxHQZ9IDZNzzYemQ9l55Gei+lOem3cnZHqk5apYKdjmjaVAs8mACbAK8AvwCzAMMypzKjACcATwArAFACcAJ0ALwA1wBIAChMBEwITAwEAAJ4AAAANAAsAAAh0ZXN0LmxhbgAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAFwAAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAUEAwQDAwAzACYAJAAdACALRGEIG9aswGxEJ3DWHRdQjm36OhPnUR7s3CJMIcmqPQ=="}
01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050816944,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050847484,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050847514,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050847514,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQmGUAAQAYWqX8AAAF\/AAABBNLiEjFAczGFrjeHgBAB+\/4oAAABAQgKhFucXIRbnFw="}
01374{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050847484,"flow_dst_last_pkt_time":1725132050848915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":1120,"flow_src_tot_l4_payload_len":278,"flow_dst_tot_l4_payload_len":1120,"midstream":0,"thread_ts_usec":1725132050848915,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"test.lan","domainame":"test.lan","tls": {"version":"TLSv1.3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t13d1911h2_9dc949149365_e7c285222651","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050873451,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050873451,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050873451,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADxo9EAAQAZqn8CoAbfYOsyO5PQBu7ZCkCEAAAAAoAL68GdXAAACBAW0BAIICjq0ShsAAAAAAQMDBw=="}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1725132050873451,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725132050876326,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADwAAEAAegaZE9g6zI7AqAG3Abvk9JZ2W362QpAioBL\/\/3dxAAACBAWEBAIICjYtj346tEobAQMDCA=="}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1725132050876380,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050876380,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAADRo9UAAQAZqpsCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBAB9mdPAAABAQgKOrRKHjYtj34="}
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"thread_ts_usec":1725132050876814,"pkt":"AAQAAQAGCAAn\/ADWAAAIAEUAAjlo9kAAQAZooMCoAbfYOsyO5PQBu7ZCkCKWdlt\/gBgB9mlUAAABAQgKOrRKHzYtj34WAwECAAEAAfwDA55vVzXI3mQH9e+wyvy5I6cXpuQRP5nZ6hYxg\/mFdw9\/IF4ht1IC8no54a26Y6+rkaHkm29\/NMcYzHfS4NjAh1BbAD4TAhMDEwHALMAwAJ\/MqcyozKrAK8AvAJ7AJMAoAGvAI8AnAGfACsAUADnACcATADMAnQCcAD0APAA1AC8A\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"}
01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725132050876814,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050879524,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725132050879524,"pkt":"AAAAAQAGILAB4IZiAAAIAEWAADRY\/wAAegaAHNg6zI7AqAG3Abvk9JZ2W3+2QpIngBABBaL9AAABAQgKNi2PgTq0Sh8="}
01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050876814,"flow_dst_last_pkt_time":1725132050895591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":6600,"midstream":0,"thread_ts_usec":1725132050895591,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809501,"flow_src_last_pkt_time":1725132050809501,"flow_dst_last_pkt_time":1725132050810429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":49817,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":11,"flow_first_seen":1725132050807636,"flow_src_last_pkt_time":1725132050944716,"flow_dst_last_pkt_time":1725132050904186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2544,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":7291,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40136,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813192,"flow_src_last_pkt_time":1725132050813192,"flow_dst_last_pkt_time":1725132050816780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":45262,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813406,"flow_src_last_pkt_time":1725132050813406,"flow_dst_last_pkt_time":1725132050813923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":58009,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725132050809269,"flow_src_last_pkt_time":1725132050809288,"flow_dst_last_pkt_time":1725132050810967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":396,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":46548,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813050,"flow_src_last_pkt_time":1725132050813050,"flow_dst_last_pkt_time":1725132050816698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":37,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":50125,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1725132050873451,"flow_src_last_pkt_time":1725132050978296,"flow_dst_last_pkt_time":1725132050978347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6600,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":18386,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"216.58.204.142","src_port":58612,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1725132050816926,"flow_src_last_pkt_time":1725132050978467,"flow_dst_last_pkt_time":1725132050978462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":2070,"flow_src_tot_l4_payload_len":1405,"flow_dst_tot_l4_payload_len":10691,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":57874,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050809672,"flow_src_last_pkt_time":1725132050809672,"flow_dst_last_pkt_time":1725132050810814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":193,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":193,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":41933,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1725132050813503,"flow_src_last_pkt_time":1725132050813503,"flow_dst_last_pkt_time":1725132050814218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1725132050978467,"l3_proto":"ip4","src_ip":"192.168.1.183","dst_ip":"192.168.1.253","src_port":42485,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"test.lan"}}
00868{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/tls_heur__vmess-tcp-tls.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":40731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":74,"global_ts_usec":1725132050978467}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
~~ total layer4 data length..: 40731 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7718618 bytes
~~ total memory freed........: 7718618 bytes
~~ total allocations/frees...: 126104/126104
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 571 chars
~~ json message max len.......: 1379 chars
~~ json message avg len.......: 974 chars