1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":180833453,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180833453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":180833453,"pkt":"UlQAEjUCCAAns+YuCABFAADok9pAAEARvW8KAAIPjl1OT+EkymwA1AI7AQAAADFmGKwJrQ4czaGW2fivZifDA9bZgR+goGC1L1XT5Tb4ffONTEiIno7ADCXgv6ivhjOazMjC\/t3fNY+F6sUlmLsJKJDCgyGPUnt\/\/rJPAiu0ANf8FF8A7J313jnyFJAtRq6DvVU3WC8bIK2TvwFn3bJURdR7JOOW8a4igqigeFA5ckhI5+F1XHPSmY8AS0K+sKuVxh08pxhxLPsdtwiOTkCR0xbrNfYg21AogaRMjbfQPsSLDYOaMYAAAAAAAAAAAAAAAAAAAAAA"}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":180920999,"pkt":"CAAns+YuUlQAEjUCCABFAACABmkAAEARi0mOXU5PCgACD8ps4SQAbB8QAgAAAALKGgAxZhisCgAFM6wRAwETE2VWnB7YZghBjVnpNQ3KTJTOED2SjFWO8s1dICoQdyfV8AE0uBoG0OSiaX+P0MRGTYfAATJAL6RBGx5gpd\/iAAAAAAAAAAAAAAAAAAAAAA=="}
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":180833453,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":204,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":180920999,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":180921737,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":180921737,"pkt":"UlQAEjUCCAAns+YuCABFAAA8lA5AAEARvecKAAIPjl1OT+EkymwAKBGZBAAAAALKGgAAAAAAAAAAANEgI73FyY4eHUJx9U1UE5w="}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":180952857,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952857,"pkt":"UlQAEjUCCAAns+YuCABFAABslChAAEARvZ0KAAIPjl1OT+EkymwAWDU4BAAAAALKGgABAAAAAAAAAFC28F6vCsoDQl1BKDztz8bTxV\/i8iNoB8iJi5BnnIjKt8JoCFNvi2krNfZLHpmfDClTm9SLapiAtgmos93886Q="}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":180952885,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":180952885,"pkt":"UlQAEjUCCAAns+YuCABFAABslClAAEARvZwKAAIPjl1OT+EkymwAWGIoBAAAAALKGgACAAAAAAAAAN+OZseZLG64qqjwhSSP6cXIgA4mV8Kre\/iZWIHFbWaRmSmw1+rPHtcU3wDw6AmdNtXHewk7LByBQZPbfZbxTAc="}
00796{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":13,"packets-processed":12,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":2112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":9,"global_ts_usec":1655734524312623}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524312623,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524312623,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319931,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524319986,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319986,"pkt":"ABoRAAACABoRAAABCABFAAAowQ9AAEAGbLoKCAABaBGa7MQCAbs6\/WaQxQKZcVAQ\/\/\/dDgAA"}
01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524320000,"pkt":"ABoRAAACABoRAAABCABFAAItwRBAAEAGarQKCAABaBGa7MQCAbs6\/WaQxQKZcVAY\/\/\/BLwAAFgMBAgABAAH8AwPk34tg8AHVJzjRYyHrpNCudSsBrVAevTx2Gxd6iOzlPiCmbhGpvk\/Hs9hN+pwujvy50uyqu5C3POsjOrMnub0cxgAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABmwAAABcAFQAAEmFwaS50dW5uZWxiZWFyLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAMAJ82VJCtYolEtrmEBslUOZ6TOvlCveQTCYtajEuEGwCsKFGEVjXgSM2\/W2kzbzFyzWer90vOdXYfA1a+pViPoEtG\/hx8A2b8WR7t5R30NjKogvAksZuJftTJdfteyHCIWMTYdfryMtphHjNW4SUNc4OV36Ht4AvrpkkXom5ksAYdtWwvzRyGAjoksL973FCtPYosKqdcPeFzh+o6Oxzshj72aNgAnzokPG8SothiU680Dg90cqLxiVDdMUydxwu+4AEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524320000,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524320123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524320123,"pkt":"ABoRAAACABoRAAABCABFAAAoAFVAABAGXXVoEZrsCggAAQG7xALFAplxOv1olVAQ\/\/\/bCQAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524335198,"flow_dst_last_pkt_time":1655734524335198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524335198,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524335198,"flow_dst_last_pkt_time":1655734524335198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524335198,"pkt":"ABoRAAACABoRAAABCABFAAA8r3BAAEAGpgkKCAABaBFzKLAwAbtQpAj3AAAAAKAC\/\/+uSwAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524335198,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524340009,"pkt":"ABoRAAACABoRAAABCABFAAAoAFZAABAGhThoEXMoCggAAQG7sDCvW\/cIUKQI+FAS\/\/8YpAAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524340111,"flow_dst_last_pkt_time":1655734524340111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524340111,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524340111,"flow_dst_last_pkt_time":1655734524340111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524340111,"pkt":"ABoRAAACABoRAAABCABFAAA8hAJAAEAG0XcKCAABaBFzKLAyAbsgvSOFAAAAAKAC\/\/\/DogAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524340111,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524343580,"pkt":"ABoRAAACABoRAAABCABFAAAoAFdAABAGhTdoEXMoCggAAQG7sDLfQtx6IL0jhlAS\/\/8YogAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524343748,"flow_dst_last_pkt_time":1655734524343748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524343748,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524343748,"flow_dst_last_pkt_time":1655734524343748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524343748,"pkt":"ABoRAAACABoRAAABCABFAAA8b31AAEAG5fwKCAABaBFzKLA0Abv3yMj6AAAAAKAC\/\/9HHwAAAgQFtAQCCAoBY6eHAAAAAAEDAwg="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524343748,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524345914,"pkt":"ABoRAAACABoRAAABCABFAAAoAFhAABAGhTZoEXMoCggAAQG7sDQINzcF98jI+1AS\/\/8YoAAA"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524345961,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524345961,"pkt":"ABoRAAACABoRAAABCABFAAAor3FAAEAGphwKCAABaBFzKLAwAbtQpAj4r1v3CVAQ\/\/8YpQAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524345975,"pkt":"ABoRAAACABoRAAABCABFAAItr3JAAEAGpBYKCAABaBFzKLAwAbtQpAj4r1v3CVAY\/\/8HwwAAFgMBAgABAAH8AwPPe3hbM8dAy+GlGgF0b7BMeTFTravNzEo1RIhmijyHVSDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524340009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524345975,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524346036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524346036,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGhTVoEXMoCggAAQG7sDCvW\/cJUKQK\/VAQ\/\/8WoAAA"}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524346049,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346049,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524346049,"pkt":"ABoRAAACABoRAAABCABFAAA8HIhAAEAGOPIKCAABaBFzKLA6AbvglrsBAAAAAKAC\/\/9sQgAAAgQFtAQCCAoBY6eJAAAAAAEDAwg="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524346049,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524346950,"pkt":"ABoRAAACABoRAAABCABFAAAoAFpAABAGhTRoEXMoCggAAQG7sDofaUT+4Ja7AlAS\/\/8YmgAA"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347016,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347016,"pkt":"ABoRAAACABoRAAABCABFAAAohANAAEAG0YoKCAABaBFzKLAyAbsgvSOG30Lce1AQ\/\/8YowAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347041,"pkt":"ABoRAAACABoRAAABCABFAAIthARAAEAGz4QKCAABaBFzKLAyAbsgvSOG30Lce1AY\/\/+nOwAAFgMBAgABAAH8AwOBQin+ycoWMW96U2S7Nyf8lKHjOUpraieioMywXXJL4CDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524343580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347041,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524347175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347175,"pkt":"ABoRAAACABoRAAABCABFAAAoAFtAABAGhTNoEXMoCggAAQG7sDLfQtx7IL0li1AQ\/\/8WngAA"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347199,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347199,"pkt":"ABoRAAACABoRAAABCABFAAAob35AAEAG5g8KCAABaBFzKLA0Abv3yMj7CDc3BlAQ\/\/8YoQAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347219,"pkt":"ABoRAAACABoRAAABCABFAAItb39AAEAG5AkKCAABaBFzKLA0Abv3yMj7CDc3BlAY\/\/8gMQAAFgMBAgABAAH8AwNcAcPwKnj56cC0mJiZpEWc7eyWZWWRb+wm4SSq0gSKpSDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524345914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347219,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524347297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347297,"pkt":"ABoRAAACABoRAAABCABFAAAoAFxAABAGhTJoEXMoCggAAQG7sDQINzcG98jLAFAQ\/\/8WnAAA"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524347317,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347317,"pkt":"ABoRAAACABoRAAABCABFAAAoHIlAAEAGOQUKCAABaBFzKLA6AbvglrsCH2lE\/1AQ\/\/8YmwAA"}
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524347416,"pkt":"ABoRAAACABoRAAABCABFAAItHIpAAEAGNv8KCAABaBFzKLA6AbvglrsCH2lE\/1AY\/\/\/taQAAFgMBAgABAAH8AwNzy1xM18VuxwIHxJY+cqMgXzNl9drV0itVzASv6gjKliDn66IPs9ctnuibiJkbfKlMm8BMQxXU9b\/atZpx5MTwdwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwGWL8mIuxZtK99a\/9aSk\/qp6xySITVvlPnlY2+DgI3BxvfbXq1zGciCxLrMLD7A6dVjeHR712CpR6tEXJKz+RC5bjVIXlid05M6MsA55S3Kp1Aa2Bj36xEghnp0sIsRiKdfOWJY3MCiFIBasVjN94rMeQhRi86\/WHqsUgHi9lpNDGzvLpzdSHT8l120BSQj5\/IjWs39MT3oC4h\/fOmpRWYfw8iqxm4TpjnSTgZwSqXyMROg1ftcgKa\/jD3WD1q3cRgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524346950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524347416,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524347518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524347518,"pkt":"ABoRAAACABoRAAABCABFAAAoAF1AABAGhTFoEXMoCggAAQG7sDofaUT\/4Ja9B1AQ\/\/8WlgAA"}
01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524345975,"flow_dst_last_pkt_time":1655734524417182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524417182,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}}
01560{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524320000,"flow_dst_last_pkt_time":1655734524417598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734524417598,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}}
01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524347041,"flow_dst_last_pkt_time":1655734524479120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3657,"midstream":0,"thread_ts_usec":1655734524479120,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}}
01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524347219,"flow_dst_last_pkt_time":1655734524479396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3655,"midstream":0,"thread_ts_usec":1655734524479396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}}
01569{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524347416,"flow_dst_last_pkt_time":1655734524479592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3658,"midstream":0,"thread_ts_usec":1655734524479592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","server_names":"*.polargrizzly.com,polargrizzly.com","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"9ebc57def2efb523f25c77af13aa6d48","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo ECC Domain Validation Secure Server CA","subjectDN":"CN=*.polargrizzly.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"1D:D9:82:8B:E8:9A:66:86:18:67:66:52:EE:02:6C:7D:09:12:B4:17","blocks":0}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524480852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524480852,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524480852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524480852,"pkt":"ABoRAAACABoRAAABCABFAAA83gpAAEAGu\/QKCAABovfzvLmIAbsjcXmhAAAAAKAC\/\/+l3QAAAgQFtAQCCAoBY6erAAAAAAEDAwg="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524480852,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524482578,"pkt":"ABoRAAACABoRAAABCABFAAAoAGxAABAGyaei9\/O8CggAAQG7uYjcjoZeI3F5olAS\/\/9T0QAA"}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1655734524482823,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524482823,"pkt":"ABoRAAACABoRAAABCABFAAAo3gtAAEAGvAcKCAABovfzvLmIAbsjcXmi3I6GX1AQ\/\/9T0gAA"}
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734524484592,"pkt":"ABoRAAACABoRAAABCABFAAIt3gxAAEAGugEKCAABovfzvLmIAbsjcXmi3I6GX1AY\/\/+WTAAAFgMBAgABAAH8AwPdoGF70W3A+CHAdR4ClxewXfs5tap8jsVR3I\/hQbsXjSAcEa4OgnAATC+4XMxeR+\/oOPBucT0zEVEWK1hzrBhSFwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAACIAIAAAHW1vYmlsZS1jb2xsZWN0b3IubmV3cmVsaWMuY29tABcAAAAjAMAc6HhX9xuZD5Fr70azY+MzqYNdAXSTjMQ4IA6wzEC2P3hVSk5QgFo5iPN2xg1o+OrJGswecJNUtgaP4gaSGrWjFfG2zUXgffNDHNV+JxDwYogQlHJkBCaTWoF4gGoKVEQnIZJK\/kZPneegIpzEvPMdOXoqoC7CrFaZW4VHcCgrWc7yMMTn+ST1zOaSeuDHkcyekWnAodKwzImkR5Kjgzq0BuxAy72wKWhansW2FOfhPyY4Bj0TSxTnmuiLslycsT8ADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQBeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524482578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524484592,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524484796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524484796,"pkt":"ABoRAAACABoRAAABCABFAAAoAG9AABAGyaSi9\/O8CggAAQG7uYjcjoZfI3F7p1AQ\/\/9RzQAA"}
01594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524484592,"flow_dst_last_pkt_time":1655734524597187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734524597187,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}}
02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734524914388,"flow_dst_last_pkt_time":1655734524915156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":2952,"flow_dst_tot_l4_payload_len":9379,"midstream":0,"thread_ts_usec":1655734524915156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":14,"avg":37391.9,"max":265866,"stddev":60218.7,"var":3626296576.0,"ent":3.5,"data": [4811,10763,14,6027,71146,71669,62476,63085,171,99,103,116,2258,2217,58331,58816,497,202,194,148,171,85,633,797,214474,265866,52392,51419,53825,54567,51776]},"pktlen": {"min":40,"avg":426.0,"max":3697,"stddev":812.3,"var":659832.9,"ent":3.5,"data": [60,40,40,557,40,3697,40,133,40,576,40,576,40,305,40,376,361,40,576,40,150,40,40,78,40,1632,40,691,40,352,40,2871]},"bins": {"c_to_s": [7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1],"entropies": [4.505928516,4.461769581,4.584184170,6.096171856,4.530641556,7.154915333,4.484183788,5.938849449,4.530641079,7.408299446,4.530641556,7.614147663,4.580641270,7.362629890,4.511769295,7.075150967,7.354639530,4.461769581,7.592569828,4.461769581,6.475907803,4.530641556,4.584184170,5.252028465,4.480641842,7.871288776,4.584184170,7.643190861,4.584184170,7.059779167,4.584184170,7.871583939]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525210582,"flow_dst_last_pkt_time":1655734525210582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525210582,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655734525210582,"flow_dst_last_pkt_time":1655734525210582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734525210582,"pkt":"ABoRAAACABoRAAABCABFAAA8oPNAAEAGtIYKCAABaBFzKLBEAbsaEwikAAAAAKAC\/\/\/kSwAAAgQFtAQCCAoBY6hXAAAAAAEDAwg="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655734525210582,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525218112,"pkt":"ABoRAAACABoRAAABCABFAAAoAJJAABAGhPxoEXMoCggAAQG7sETl7PdbGhMIpVAS\/\/8YkAAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525218267,"flow_dst_last_pkt_time":1655734525218267,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525218267,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1655734525218267,"flow_dst_last_pkt_time":1655734525218267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734525218267,"pkt":"ABoRAAACABoRAAABCABFAAA8IBpAAEAGNWAKCAABaBFzKLBGAbuqCIhCAAAAAKAC\/\/\/UtAAAAgQFtAQCCAoBY6hYAAAAAAEDAwg="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655734525218267,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525221695,"pkt":"ABoRAAACABoRAAABCABFAAAoAJNAABAGhPtoEXMoCggAAQG7sEZV93e9qgiIQ1AS\/\/8YjgAA"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1655734525221954,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525221954,"pkt":"ABoRAAACABoRAAABCABFAAAooPRAAEAGtJkKCAABaBFzKLBEAbsaEwil5ez3XFAQ\/\/8YkQAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734525221986,"pkt":"ABoRAAACABoRAAABCABFAAItoPVAAEAGspMKCAABaBFzKLBEAbsaEwil5ez3XFAY\/\/\/VWwAAFgMBAgABAAH8AwOD21mof\/yQQcqXJfkfiM\/Gq4YkF6Y5BPGpbf86MIansiAN71R3+ObtCkanxhMzSgwSAMPgpmEbcLpm\/4d\/FCeJcQAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurUenpIKScqougExtT90O4XVdylj7yhXbabgTI97Utdqq8X6Nd28DP0twFQg1m62LJ2BTFOikZhogFtIA9HG\/0BNh5wxWFPHzqFD7ZHCloKbcwsD9mzTrRPBd7mAj+Eo9r9UEQqvETsHu1i04iOc0WTq+lbcyk1RjLb9T0V85ZhgEBE7nnrdXLAig0BkXuYvUIQNVmcHG2vpp2qDRpQJPL7g+cIGx2aTgUEiylR3KxnhGgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525218112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525221986,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525222170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525222170,"pkt":"ABoRAAACABoRAAABCABFAAAoAJRAABAGhPpoEXMoCggAAQG7sETl7PdcGhMKqlAQ\/\/8WjAAA"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1655734525222205,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525222205,"pkt":"ABoRAAACABoRAAABCABFAAAoIBtAAEAGNXMKCAABaBFzKLBGAbuqCIhDVfd3vlAQ\/\/8YjwAA"}
01232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734525224208,"pkt":"ABoRAAACABoRAAABCABFAAItIBxAAEAGM20KCAABaBFzKLBGAbuqCIhDVfd3vlAY\/\/9sCgAAFgMBAgABAAH8AwMLkwU\/hFvxNVPmM2PwO25yhVvBKGFsW5iWv3P4rk7vySAN71R3+ObtCkanxhMzSgwSAMPgpmEbcLpm\/4d\/FCeJcQAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurUenpIKScqougExtT90O4XVdylj7yhXbabgTI97Utdqq8X6Nd28DP0twFQg1m62LJ2BTFOikZhogFtIA9HG\/0BNh5wxWFPHzqFD7ZHCloKbcwsD9mzTrRPBd7mAj+Eo9r9UEQqvETsHu1i04iOc0WTq+lbcyk1RjLb9T0V85ZhgEBE7nnrdXLAig0BkXuYvUIQNVmcHG2vpp2qDRpQJPL7g+cIGx2aTgUEiylR3KxnhGgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525221695,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734525224208,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525224559,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734525224559,"pkt":"ABoRAAACABoRAAABCABFAAAoAJVAABAGhPloEXMoCggAAQG7sEZV93e+qgiKSFAQ\/\/8WigAA"}
01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525224208,"flow_dst_last_pkt_time":1655734525281832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525281832,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525221986,"flow_dst_last_pkt_time":1655734525332870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734525332870,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525773780,"flow_dst_last_pkt_time":1655734525773395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1655734525773780,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":35827.1,"max":233720,"stddev":54909.0,"var":3015001088.0,"ent":3.6,"data": [3428,3938,2003,2864,57273,107978,750,51373,305,140,145,128,138,133,50874,51892,1049,50443,50842,196795,233720,37672,51488,50853,51099,141,51026,454,234,444,1019]},"pktlen": {"min":40,"avg":149.7,"max":789,"stddev":198.3,"var":39337.4,"ent":4.1,"data": [60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40]},"bins": {"c_to_s": [9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0],"entropies": [4.472595215,4.630641460,4.634183884,6.061924934,4.530641556,6.057179928,4.684184074,5.430868149,4.530642033,7.374313831,4.580641747,7.639074802,4.530642033,7.179740906,4.461769581,5.884557247,7.359737873,4.580641747,5.284663200,4.580641747,7.730541706,4.684184074,6.845517159,4.684184074,5.293632984,4.565311909,5.134845257,4.480641842,4.465312481,4.430641651,4.480641842,4.471928596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":1,"flow_first_seen":180833453,"flow_src_last_pkt_time":181212896,"flow_dst_last_pkt_time":180920999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":560,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":2012,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1655734525874298,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"142.93.78.79","src_port":57636,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard.TunnelBear","proto_id":"206.299","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734754614463,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754614463,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655734754614463,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734754614463,"pkt":"ABoRAAACABoRAAABCABFAAAoVtFAAEAGeswKnoRbaBFyKJX+AbuhM960Ee9+klAQAVedJwAA"}
01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655734754615913,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734754615913,"pkt":"ABoRAAACABoRAAABCABFAAItVtJAAEAGeMYKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01329{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734754615913,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754615913,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754648445,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734754648445,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1655734754648445,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655734754648445,"pkt":"ABoRAAACABoRAAABCABFAAA0IExAAEAGe28KnoRbCAgICMewADWRpqgvfDsVvoAQAVcLYgAAAQEICgFkiHG27faC"}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1655734754650552,"flow_dst_last_pkt_time":1655734754648445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655734754650552,"pkt":"ABoRAAACABoRAAABCABFAAA0IE1AAEAGe24KnoRbCAgICMewADWRpqgvfDsVvoARAVcLYAAAAQEICgFkiHK27faC"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1655734754650552,"flow_dst_last_pkt_time":1655734754651001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734754651001,"pkt":"ABoRAAACABoRAAABCABFAAAoAElAABAGy34ICAgICp6EWwA1x7B8OxW+kaaoMFAQ\/\/99FQAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1655734754650552,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734754651336,"pkt":"ABoRAAACABoRAAABCABFAAAoAEpAABAGy30ICAgICp6EWwA1x7B8OxW+kaaoMFAR\/\/99FAAA"}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655734754651380,"pkt":"ABoRAAACABoRAAABCABFAAA0AABAAEAGm7sKnoRbCAgICMewADWRpqgwfDsVv4AQAVcLXwAAAQEICgFkiHK27faC"}
01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1655734754841430,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734754841430,"pkt":"ABoRAAACABoRAAABCABFAAItVtNAAEAGeMUKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1655734755070762,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734755070762,"pkt":"ABoRAAACABoRAAABCABFAAItVtRAAEAGeMQKnoRbaBFyKJX+AbuhM960Ee9+klAYAVc2sQAAFgMBAgABAAH8AwOffU2PEFvusphnSRt4iypv4+ZmiFJN5MhWLpPRgxBGWyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1655734755078257,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755078257,"pkt":"ABoRAAACABoRAAABCABFAAAoVtVAAEAGesgKnoRbaBFyKJX+AbuhM+C5Ee9+klAUAVebHgAA"}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755247797,"flow_dst_last_pkt_time":1655734755247797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734755247797,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655734755247797,"flow_dst_last_pkt_time":1655734755247797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734755247797,"pkt":"ABoRAAACABoRAAABCABFAAA8IytAAEAGaHgKCAABnfAHIOtAAbueF6osAAAAAKAC\/\/\/ZOgAAAgQFtAQCCAoBZIkHAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655734755247797,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755253147,"pkt":"ABoRAAACABoRAAABCABFAAAoAEtAABAGu2yd8AcgCggAAQG760Bh6FXTnheqLVAS\/\/8TvQAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1655734755253236,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755253236,"pkt":"ABoRAAACABoRAAABCABFAAAoIyxAAEAGaIsKCAABnfAHIOtAAbueF6otYehV1FAQ\/\/8TvgAA"}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1655734755261650,"pkt":"ABoRAAACABoRAAABCABFAAENIy1AAEAGZ6UKCAABnfAHIOtAAbueF6otYehV1FAY\/\/+IWAAAFgMBAOABAADcAwOsr29P2twClx8bHowQVLbEFOIfgXx4Um\/PRTqetwAKayAJgCCyumPCkV7eO\/7Vf3tcjjqysKhIo+yuxRqkzL9EWgACEwEBAACRAA0ABAACBAMACgAEAAIAFwAtAAIBAQArAAUEAwT7GgAyAAQAAgQDAAAAGwAZAAAWbXF0dC1taW5pLmZhY2Vib29rLmNvbQAzAEcARQAXAEEEBf5Ra9IX7SPc8S6fcj6gxQyagTTzrgYTC+7wvM8qYnNgrN3e7bLLfQ9\/kVrPaK1nw304GIZoWsIceuyroYqzMw=="}
01358{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755253147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734755261650,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.2","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755261981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734755261981,"pkt":"ABoRAAACABoRAAABCABFAAAoAExAABAGu2ud8AcgCggAAQG760Bh6FXUnherElAQ\/\/8S2QAA"}
01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734755261650,"flow_dst_last_pkt_time":1655734755401702,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":229,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":229,"flow_dst_tot_l4_payload_len":2760,"midstream":0,"thread_ts_usec":1655734755401702,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"mqtt-mini.facebook.com","tls": {"version":"TLSv1.3","ja3":"82932b3c6398511df186dfc9416db2d4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","ja4":"t00d010700_0f2cb44170f4_8e1d4e45f8f1","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)","blocks":2}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759670358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734759670358,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759670358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734759670358,"pkt":"ABoRAAACABoRAAABCABFAAA8gORAAEAGxNEKCAABY1OHqrnqAbsKjg29AAAAAKAC\/\/\/wSgAAAgQFtAQCCAoBZI1ZAAAAAAEDAwg="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655734759670358,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759675362,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGdXZjU4eqCggAAQG7uer1cfJCCo4NvlAS\/\/\/\/JQAA"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1655734759675514,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759675514,"pkt":"ABoRAAACABoRAAABCABFAAAogOVAAEAGxOQKCAABY1OHqrnqAbsKjg2+9XHyQ1AQ\/\/\/\/JgAA"}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1655734759678624,"pkt":"ABoRAAACABoRAAABCABFAADNgOZAAEAGxD4KCAABY1OHqrnqAbsKjg2+9XHyQ1AY\/\/\/YtgAAFgMBAKABAACcAwNp+aodAZwhy854vK3YMbAdCOa+jBULG06oYohax\/LlpAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABX\/wEAAQAAAAAXABUAABJjYXBpLmdyYW1tYXJseS5jb20AFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAAAsAAgEAAAoACAAGAB0AFwAY"}
01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759675362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734759678624,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734759679237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734759679237,"pkt":"ABoRAAACABoRAAABCABFAAAoAFVAABAGdXVjU4eqCggAAQG7uer1cfJDCo4OY1AQ\/\/\/+gQAA"}
01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734759678624,"flow_dst_last_pkt_time":1655734760073409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1655734760073409,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","tls": {"version":"TLSv1.2","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","blocks":0}}}
01565{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734760123780,"flow_dst_last_pkt_time":1655734760124600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":165,"flow_dst_tot_l4_payload_len":5414,"midstream":0,"thread_ts_usec":1655734760124600,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"capi.grammarly.com","tls": {"version":"TLSv1.2","server_names":"capi.grammarly.com,capi-msdk.grammarly.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"303951d4c50efb2e991652225a6f02b1","ja4":"t12d140700_c866b44c5a26_036209cd1ead","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=capi.grammarly.com","fingerprint":"1F:4A:0B:A6:60:01:94:7D:3D:94:03:14:5A:30:AF:64:D5:EC:58:DD","blocks":0}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764418751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764418751,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764418751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734764418751,"pkt":"ABoRAAACABoRAAABCABFAAA8CMpAAEAGFLAKCAABSn3IvLfGFGxd05k2AAAAAKAC\/\/\/UHwAAAgQFtAQCCAoBZJH8AAAAAAEDAwg="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655734764418751,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764423369,"pkt":"ABoRAAACABoRAAABCABFAAAoAGFAABAGTS1Kfci8CggAARRst8aiLGbJXdOZN1AS\/\/\/GXAAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1655734764423501,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764423501,"pkt":"ABoRAAACABoRAAABCABFAAAoCMtAAEAGFMMKCAABSn3IvLfGFGxd05k3oixmylAQ\/\/\/GXQAA"}
01255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_usec":1655734764426265,"pkt":"ABoRAAACABoRAAABCABFAAI9CMxAAEAGEq0KCAABSn3IvLfGFGxd05k3oixmylAY\/\/8lgwAAFgMBAhABAAIMAwPQqV6\/XDPY9+eFQAl61YOGsyFP552V\/ZndZv0yw7FMrSAiyjluEa\/DifWXNA3j4w+sCUv8aGLluyKFrtavmD6AzAAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAaEAAAAVABMAABBtdGFsay5nb29nbGUuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACCdjpKs00Rk5nhyQVIde4JwTCr+4ZSfRPtkDa\/rTxcFOwAtAAIBAQArAAkIAwQDAwMCAwEAKQEHAOIA3AHhLjkyJagZsK5yJTXQjn67URRVTl1KLG0ljNHj1XTvj3Fat17GOxP1DId7vAc1VojEW9JYszOL9xiI3kYIKi1eNJzKwLsX1klCWaZd3cQK2Gkjumf\/UB49TpeK8TIxcQVeZNaK0EenrON5xm2aYBuhj6IMgY\/X7c2zxo2i+Fs3brGOIhvCSqKCOPlmjeP4t7UNrmPaFQ77WPk7rlZsCFsLgmE7BKwMDer9rzQDynBnD9UMTCVHsEmNq\/thjMQ8ND6FLrOf53qxVXyQvhZN+kcWHqXXRARFbLq0lsfBY3ZnACEghDQOuRIjZnU+F7Mt3evP2P4CuyjN+L77rDjfKobYKbo="}
01473{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764423369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734764426265,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","tls": {"version":"TLSv1.2","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764426590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734764426590,"pkt":"ABoRAAACABoRAAABCABFAAAoAGJAABAGTSxKfci8CggAARRst8aiLGbKXdObTFAQ\/\/\/ESAAA"}
01022{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":27,"flow_first_seen":1655734524335198,"flow_src_last_pkt_time":1655734525873766,"flow_dst_last_pkt_time":1655734525874298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":4308,"flow_dst_tot_l4_payload_len":9410,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524340111,"flow_src_last_pkt_time":1655734524597364,"flow_dst_last_pkt_time":1655734524593066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3657,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3984,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1655734524343748,"flow_src_last_pkt_time":1655734524541811,"flow_dst_last_pkt_time":1655734524541420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3655,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3982,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45108,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1655734524346049,"flow_src_last_pkt_time":1655734524597767,"flow_dst_last_pkt_time":1655734524593379,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3658,"flow_src_tot_l4_payload_len":749,"flow_dst_tot_l4_payload_len":3985,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734525210582,"flow_src_last_pkt_time":1655734525633318,"flow_dst_last_pkt_time":1655734525631645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01021{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1655734525218267,"flow_src_last_pkt_time":1655734525773780,"flow_dst_last_pkt_time":1655734525773395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":749,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":1194,"midstream":0,"thread_ts_usec":1655734764426590,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.115.40","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01516{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764426265,"flow_dst_last_pkt_time":1655734764619627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":203,"flow_src_tot_l4_payload_len":533,"flow_dst_tot_l4_payload_len":203,"midstream":0,"thread_ts_usec":1655734764619627,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"mtalk.google.com","tls": {"version":"TLSv1.3","ja3":"58e34c2965c9f3fa4919d58deef1f49e","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","ja4":"t13d171200_5b57614c22b0_352634941f3a","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","blocks":1}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776460292,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776460292,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776460292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776460292,"pkt":"ABoRAAACABoRAAABCABFAAA8JvtAAEAGL38KCAABaBFyKIQmAbsyg7tFAAAAAKAC\/\/9Q8AAAAgQFtAQCCAoBZJ2+AAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776460292,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776464346,"pkt":"ABoRAAACABoRAAABCABFAAAoAGhAABAGhiZoEXIoCggAAQG7hCbNfES6MoO7RlAS\/\/9FrgAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776465590,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776465590,"pkt":"ABoRAAACABoRAAABCABFAAAoJvxAAEAGL5IKCAABaBFyKIQmAbsyg7tGzXxEu1AQ\/\/9FrwAA"}
01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776467599,"pkt":"ABoRAAACABoRAAABCABFAAItJv1AAEAGLYwKCAABaBFyKIQmAbsyg7tGzXxEu1AY\/\/+IIwAAFgMBAgABAAH8AwNTpunh0LjCGnwVAqLDAciitV0MXZLQ78SEgG6X61y9YyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776464346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776467599,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776467730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776467730,"pkt":"ABoRAAACABoRAAABCABFAAAoAGlAABAGhiVoEXIoCggAAQG7hCbNfES7MoO9S1AQ\/\/9DqgAA"}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776512617,"flow_dst_last_pkt_time":1655734776512617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776512617,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776512617,"flow_dst_last_pkt_time":1655734776512617,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776512617,"pkt":"ABoRAAACABoRAAABCABFAAA8+whAAEAGMq0KCAABaBGa7MbYAbtnT2bDAAAAAKAC\/\/8FIwAAAgQFtAQCCAoBZJ3LAAAAAAEDAwg="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776512617,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776516214,"pkt":"ABoRAAACABoRAAABCABFAAAoAGpAABAGXWBoEZrsCggAAQG7xtiYsJk8Z09mxFAS\/\/\/aNwAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776516270,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776516270,"pkt":"ABoRAAACABoRAAABCABFAAAo+wlAAEAGMsAKCAABaBGa7MbYAbtnT2bEmLCZPVAQ\/\/\/aOAAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776516959,"flow_dst_last_pkt_time":1655734776516959,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776516959,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776516959,"flow_dst_last_pkt_time":1655734776516959,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776516959,"pkt":"ABoRAAACABoRAAABCABFAAA8p\/tAAEAGrn4KCAABaBFyKIQuAbtZOTo3AAAAAKAC\/\/+rMgAAAgQFtAQCCAoBZJ3MAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776516959,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776519307,"pkt":"ABoRAAACABoRAAABCABFAAAoAGtAABAGhiNoEXIoCggAAQG7hC6mxsXIWTk6OFAS\/\/9FpgAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776519395,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776519395,"pkt":"ABoRAAACABoRAAABCABFAAAop\/xAAEAGrpEKCAABaBFyKIQuAbtZOTo4psbFyVAQ\/\/9FpwAA"}
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776520253,"pkt":"ABoRAAACABoRAAABCABFAAItp\/1AAEAGrIsKCAABaBFyKIQuAbtZOTo4psbFyVAY\/\/9MfwAAFgMBAgABAAH8AwOknOCLy71YefiER+zKi8m1CnLACan\/7sQTy2WdZ0CVICBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776519307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776520253,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776520427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776520427,"pkt":"ABoRAAACABoRAAABCABFAAAoAGxAABAGhiJoEXIoCggAAQG7hC6mxsXJWTk8PVAQ\/\/9DogAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776520455,"flow_dst_last_pkt_time":1655734776520455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776520455,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776520455,"flow_dst_last_pkt_time":1655734776520455,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776520455,"pkt":"ABoRAAACABoRAAABCABFAAA8vpVAAEAGl+QKCAABaBFyKIQyAbvrdiNYAAAAAKAC\/\/8vzwAAAgQFtAQCCAoBZJ3NAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776520455,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776527001,"pkt":"ABoRAAACABoRAAABCABFAAAoAG1AABAGhiFoEXIoCggAAQG7hDIUidyn63YjWVAS\/\/9FogAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776527103,"flow_dst_last_pkt_time":1655734776527103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776527103,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776527103,"flow_dst_last_pkt_time":1655734776527103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776527103,"pkt":"ABoRAAACABoRAAABCABFAAA8wepAAEAGlI8KCAABaBFyKIQ2AbtYcFwkAAAAAKAC\/\/+KBAAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776527103,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776537507,"pkt":"ABoRAAACABoRAAABCABFAAAoAG5AABAGhiBoEXIoCggAAQG7hDanj6PbWHBcJVAS\/\/9FngAA"}
01236{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776537556,"pkt":"ABoRAAACABoRAAABCABFAAIt+wpAAEAGMLoKCAABaBGa7MbYAbtnT2bEmLCZPVAY\/\/8\/EgAAFgMBAgABAAH8AwOH80T4CE4khYV1szYAtq+YZDsOD3qGDLe+3r1RXwNbuCA1kJ+Av4IHht19pxpJNBfZnKOurF+9kn4TKSkMzW91IwAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABmwAAABcAFQAAEmFwaS50dW5uZWxiZWFyLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAMAJ82VJCtYolEtrmEBslUOZSXCRP0vr8LQObgnB\/pfPwTLNKtxWxaf6mW1EJhF4s1ufH5BEWRDYzY9\/h4q420TuILtHy62\/G+yPFzewJleDMF9wJVAx29BuRTffiQKaPG+Ax8uAbLXV4WUYsbo+BvPL6+9IYVJP1djS8vMCe2sn\/PZLn2LYxUzl2amwE\/FBSos8hqn8cx4P+h99GrkrMAVkGWuisHE7OZQbh8s9KizVlJ7sXpH1FCV888le4Rb2\/tAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776516214,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776537556,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","tls": {"version":"TLSv1.2","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776538063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776538063,"pkt":"ABoRAAACABoRAAABCABFAAAoAG9AABAGXVtoEZrsCggAAQG7xtiYsJk9Z09oyVAQ\/\/\/YMwAA"}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776538093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776538093,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776538093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776538093,"pkt":"ABoRAAACABoRAAABCABFAAA8tphAAEAGn+EKCAABaBFyKIQ4AbtFRStWAAAAAKAC\/\/\/N+wAAAgQFtAQCCAoBZJ3OAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776538093,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539151,"pkt":"ABoRAAACABoRAAABCABFAAAoAHBAABAGhh5oEXIoCggAAQG7hDi6utSpRUUrV1AS\/\/9FnAAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776539181,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539181,"pkt":"ABoRAAACABoRAAABCABFAAAovpZAAEAGl\/cKCAABaBFyKIQyAbvrdiNZFIncqFAQ\/\/9FowAA"}
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776539194,"pkt":"ABoRAAACABoRAAABCABFAAItvpdAAEAGlfEKCAABaBFyKIQyAbvrdiNZFIncqFAY\/\/8vTAAAFgMBAgABAAH8AwPEsc6CTwivs\/ByMWtjVkVeAiCB0uzU7VDcO3u\/BMNu3yBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776527001,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539194,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776539255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539255,"pkt":"ABoRAAACABoRAAABCABFAAAoAHFAABAGhh1oEXIoCggAAQG7hDIUidyo63YlXlAQ\/\/9DngAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776539267,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539267,"pkt":"ABoRAAACABoRAAABCABFAAAowetAAEAGlKIKCAABaBFyKIQ2AbtYcFwlp4+j3FAQ\/\/9FnwAA"}
01235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776539277,"pkt":"ABoRAAACABoRAAABCABFAAItwexAAEAGkpwKCAABaBFyKIQ2AbtYcFwlp4+j3FAY\/\/+c\/wAAFgMBAgABAAH8AwOqGYCUoX7WlmH6ltWde3RyWqua\/ToNUKpl4ZPw5WPBsyBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776537507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776539277,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776539342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776539342,"pkt":"ABoRAAACABoRAAABCABFAAAoAHJAABAGhhxoEXIoCggAAQG7hDanj6PcWHBeKlAQ\/\/9DmgAA"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776541755,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776541755,"pkt":"ABoRAAACABoRAAABCABFAAAotplAAEAGn\/QKCAABaBFyKIQ4AbtFRStXurrUqlAQ\/\/9FnQAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776541777,"pkt":"ABoRAAACABoRAAABCABFAAIttppAAEAGne4KCAABaBFyKIQ4AbtFRStXurrUqlAY\/\/+r4gAAFgMBAgABAAH8AwMkKjoMXLKVnO5owWRfL+pfjnEnLKSyDkDVMn\/f2RUJIiBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776539151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776541777,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776541966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776541966,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGhhtoEXIoCggAAQG7hDi6utSqRUUtXFAQ\/\/9DmAAA"}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776467599,"flow_dst_last_pkt_time":1655734776705460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776705460,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776705767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776705767,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776705767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734776705767,"pkt":"ABoRAAACABoRAAABCABFAAA8nhVAAEAG++kKCAABovfzvLxeAbvXLAPvAAAAAKAC\/\/9urgAAAgQFtAQCCAoBZJ36AAAAAAEDAwg="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1655734776705767,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776707406,"pkt":"ABoRAAACABoRAAABCABFAAAoAHVAABAGyZ6i9\/O8CggAAQG7vF4o0\/wQ1ywD8FAS\/\/9Q+wAA"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1655734776707864,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776707864,"pkt":"ABoRAAACABoRAAABCABFAAAonhZAAEAG+\/wKCAABovfzvLxeAbvXLAPwKNP8EVAQ\/\/9Q\/AAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734776708195,"pkt":"ABoRAAACABoRAAABCABFAAItnhdAAEAG+fYKCAABovfzvLxeAbvXLAPwKNP8EVAY\/\/\/ZQQAAFgMBAgABAAH8AwP2P\/anEHQDLYJzzNMuo0lVq1yDfOJ4xtlYm9HjmLjKQSAxsWZ00gpVVgL+6\/1OlRNTfpRGs4polAHP2pf73TCHlwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAACIAIAAAHW1vYmlsZS1jb2xsZWN0b3IubmV3cmVsaWMuY29tABcAAAAjAMAc6HhX9xuZD5Fr70azY+Mz8r8SsauutecKFcXwEw+w0rHkwbgHpv7fMcfvYs7QxtyTKncDznNyuTWRSvLgn1HPsz62a8nTggBprd+EjadxMsiHM\/gbj8Gmf6Exjq5wAZlkY2hVF4C4iZw7QZO7QNvb6Fk0bgTwmvSx15V0Lw\/e6fF4eWMfK5cJ73p0mSb9eEs7WD03tHdnvVMCnkRmj8q749R7b7mXdidYc5RMVyLUdFb0KMV0AYu9iiQCv7UTl3cADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQBeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776707406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734776708195,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1","blocks":0}}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776708284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734776708284,"pkt":"ABoRAAACABoRAAABCABFAAAoAHdAABAGyZyi9\/O8CggAAQG7vF4o0\/wR1ywF9VAQ\/\/9O9wAA"}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776539277,"flow_dst_last_pkt_time":1655734776870421,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870421,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776539194,"flow_dst_last_pkt_time":1655734776870956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776870956,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776520253,"flow_dst_last_pkt_time":1655734776871396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776871396,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776541777,"flow_dst_last_pkt_time":1655734776872181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734776872181,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"5badad76fbdd6e8b6296e2e9f4024401","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01562{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734776537556,"flow_dst_last_pkt_time":1655734776874125,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5473,"midstream":0,"thread_ts_usec":1655734776874125,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com","tls": {"version":"TLSv1.2","server_names":"*.tunnelbear.com,tunnelbear.com","ja3":"a1c672bda2bda1a05bdca801144b2760","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","subjectDN":"CN=*.tunnelbear.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"52:96:E2:83:CC:15:4E:B3:0F:5B:1D:E2:E8:FF:4E:A9:C4:E9:C0:AF","blocks":0}}}
01595{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734776708195,"flow_dst_last_pkt_time":1655734776969484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3864,"midstream":0,"thread_ts_usec":1655734776969484,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"mobile-collector.newrelic.com","tls": {"version":"TLSv1.2","server_names":"*.newrelic.com,newrelic.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"a885fb01204bc11cc58efc02fe640899","ja4":"t12d1410ht_c866b44c5a26_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=New Relic, Inc., CN=*.newrelic.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"90:B0:56:FB:4D:88:5C:EB:F9:79:45:35:26:15:0C:00:F4:08:72:77","blocks":0}}}
02212{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734776909928,"flow_dst_last_pkt_time":1655734777250607,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2900,"flow_src_tot_l4_payload_len":3230,"flow_dst_tot_l4_payload_len":3163,"midstream":0,"thread_ts_usec":1655734777250607,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":39998.4,"max":340372,"stddev":83812.5,"var":7024526848.0,"ent":3.0,"data": [4054,5298,2009,3384,237730,240091,25,2380,9328,9409,226,61,1426,1484,112,59,79,69,100518,152574,52262,7046,20588,16017,10024,8002,820,1293,7036,6175,340372]},"pktlen": {"min":40,"avg":240.4,"max":2940,"stddev":516.4,"var":266681.9,"ent":3.5,"data": [60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940]},"bins": {"c_to_s": [3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1],"entropies": [4.460013390,4.480641842,4.515312195,6.108502865,4.580641747,6.049703121,4.634183884,5.378616810,4.580641747,5.520286560,4.580641747,5.850438595,4.530641556,7.632115364,4.530641556,7.628461361,4.580641747,6.826807022,4.530641556,5.918608665,5.310303688,4.580641747,5.303310871,7.209881783,4.580641747,7.572566509,4.580641747,6.476149559,4.580641747,7.298981190,4.530641556,7.923994541]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777904202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777904202,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777904202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734777904202,"pkt":"ABoRAAACABoRAAABCABFAAA8VQtAAEAGAW8KCAABaBFyKIRCAbtalsosAAAAAKAC\/\/8YcQAAAgQFtAQCCAoBZJ8nAAAAAAEDAwg="}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655734777904202,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777909352,"pkt":"ABoRAAACABoRAAABCABFAAAoALVAABAGhdloEXIoCggAAQG7hEKlaTXTWpbKLVAS\/\/9FkgAA"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1655734777910499,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777910499,"pkt":"ABoRAAACABoRAAABCABFAAAoVQxAAEAGAYIKCAABaBFyKIRCAbtalsotpWk11FAQ\/\/9FkwAA"}
01234{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1655734777912168,"pkt":"ABoRAAACABoRAAABCABFAAItVQ1AAEAG\/3sKCAABaBFyKIRCAbtalsotpWk11FAY\/\/8d9wAAFgMBAgABAAH8AwMmAdKYGKsqqphSvWqupDgnKUFtDbqLJVhyc5O8GAS+ayBzS35friOfAWwzRvK4nOaCBJAbSD\/HvnzVJtlqjl91KAAYwCvALMypwC\/AMMyowBPAFACcAJ0ALwA1AQABm\/8BAAEAAAAAGQAXAAAUYXBpLnBvbGFyZ3JpenpseS5jb20AFwAAACMAwMEVNlaL0tdGnm3V54JqurXqfhCsyPABZtbMnzb26AxMffuozfeg4IKaCIbNJ3q2zznlQTcn2vtZGw2LgspfFkx\/\/ulZltuMfvovkdu6OxfbcYa5VnIF3xidmaUJ8SUPb79tJJFaBhFXEN61mvGK7zPpvVrV3mTyXEwUGGWTkZAGHvhktDm3FDiaeMeQoyzU\/JxID7YfTFAEkYxMS3+IaSjPuX3oi2kUbrLhwugcx7H6N+6QUOak1x1EA8eU6f8ZVAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGAAVAGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01199{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777909352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734777912168,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com","tls": {"version":"TLSv1.2","ja3":"e9ec38c2b40ff3e300e9975dd7619902","ja3s":"","ja4":"t12d1210h2_d34a8e72043a_f88f2b2eb673","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734777912678,"pkt":"ABoRAAACABoRAAABCABFAAAoALZAABAGhdhoEXIoCggAAQG7hEKlaTXUWpbMMlAQ\/\/9DjgAA"}
01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734764418751,"flow_src_last_pkt_time":1655734764869724,"flow_dst_last_pkt_time":1655734764819484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":533,"flow_dst_max_l4_payload_len":529,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":850,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.200.188","src_port":47046,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1655734776512617,"flow_src_last_pkt_time":1655734777353819,"flow_dst_last_pkt_time":1655734777302084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":2129,"flow_dst_tot_l4_payload_len":6457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734524480852,"flow_src_last_pkt_time":1655734524990363,"flow_dst_last_pkt_time":1655734524940004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1386,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":47496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}}
01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1655734755247797,"flow_src_last_pkt_time":1655734756001569,"flow_dst_last_pkt_time":1655734755950969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":2760,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.7.32","src_port":60224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.FacebookMessenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}}
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1655734776705767,"flow_src_last_pkt_time":1655734778245353,"flow_dst_last_pkt_time":1655734778245065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":3864,"flow_src_tot_l4_payload_len":1479,"flow_dst_tot_l4_payload_len":4498,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"162.247.243.188","src_port":48222,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}}
01049{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734754648445,"flow_src_last_pkt_time":1655734754651380,"flow_dst_last_pkt_time":1655734754651336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"8.8.8.8","src_port":51120,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1655734759670358,"flow_src_last_pkt_time":1655734762085906,"flow_dst_last_pkt_time":1655734762035602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":4026,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":6373,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"99.83.135.170","src_port":47594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01107{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655734754614463,"flow_src_last_pkt_time":1655734755078257,"flow_dst_last_pkt_time":1655734754614463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1551,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.158.132.91","dst_ip":"104.17.114.40","src_port":38398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524991165,"flow_dst_last_pkt_time":1655734524991083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":5473,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":6486,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.tunnelbear.com"}}
01023{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":1655734776460292,"flow_src_last_pkt_time":1655734777910457,"flow_dst_last_pkt_time":1655734777903866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":2900,"flow_src_tot_l4_payload_len":4802,"flow_dst_tot_l4_payload_len":6169,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776516959,"flow_src_last_pkt_time":1655734776970401,"flow_dst_last_pkt_time":1655734776962883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33838,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776520455,"flow_src_last_pkt_time":1655734776969874,"flow_dst_last_pkt_time":1655734776962409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01019{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776901504,"flow_dst_last_pkt_time":1655734776891156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
01018{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776971287,"flow_dst_last_pkt_time":1655734776963310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"api.polargrizzly.com"}}
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00808{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":433,"packets-processed":433,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":94189,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":21,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":22,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":201,"global_ts_usec":1655734778245353}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 433/433
~~ skipped flows.............: 0
~~ total layer4 data length..: 94189 bytes
~~ total detected protocols..: 21
~~ total active/idle flows...: 22/22
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6823522 bytes
~~ total memory freed........: 6823522 bytes
~~ total allocations/frees...: 114806/114806
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 535 chars
~~ json message max len.......: 2219 chars
~~ json message avg len.......: 1377 chars
|