test/results/default/yandex.pcapng.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

00613{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00834{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1675629757956767}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757956767,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757956767,"pkt":"dNqIE5X\/CI6QkAulCABFAAA87YBAAEAG6CrAqAH51bTMup0aAbsZxJRyAAAAAKAC+vDi+wAAAgQFtAQCCApF2HIeAAAAAAEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757971675,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcG3qvVtMy6wKgB+QG7nRotDdTkGcSUc6ASqUoQtAAAAgQFggQCCApPBdMWRdhyHgEDAwg="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1675629757971734,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757971734,"pkt":"dNqIE5X\/CI6QkAulCABFAAA07YFAAEAG6DHAqAH51bTMup0aAbsZxJRzLQ3U5YAQAfbmlAAAAQEICkXYci1PBdMW"}
01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675629757972020,"pkt":"dNqIE5X\/CI6QkAulCABFAAI57YJAAEAG5ivAqAH51bTMup0aAbsZxJRzLQ3U5YAYAfZ\/EwAAAQEICkXYci1PBdMWFgMBAgABAAH8AwP+vI3mLN5Z+wBnku34fYzINGujNs\/+gAsvFuXSOXknZCD6SKp6ZH+Gnp264bYpR97eRIjgLauFRWr5TqKNguHKtAAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABQAEgAAD211c2ljLnlhbmRleC5regAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgBddzRfBLAWsja3T4QoBg0WPg0yskDzcG6ZG7KDUVPmQALQACAQEAKwAHBkpKAwQDAwAbAAMCAAJEaQAFAAMCaDLa2gABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757972020,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757997818,"pkt":"CI6QkAuldNqIE5X\/CABFAAA03SdAADcGAYzVtMy6wKgB+QG7nRotDdTlGcSWeIAQAKjlzQAAAQEICk8F0yZF2HIt"}
01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
01706{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","domainame":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3s":"4ef1b297bb817d8212165a86308bac5f","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88","blocks":0}}}
00841{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1675632200347508}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200347508,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632200347508,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8p+RAAEAGmcPAqAH5spqD2N8mAbsQs3pEAAAAAKAC+vC2kwAAAgQFtAQCCAoxyf\/EAAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675632200354042,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200354042,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+VAAEAGmcrAqAH5spqD2N8mAbsQs3pFVOenIIAQAfYqYQAAAQEICjHJ\/8uE0TMJ"}
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1675632200354473,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632200354473,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5p+ZAAEAGl8TAqAH5spqD2N8mAbsQs3pFVOenIIAYAfa4rAAAAQEICjHJ\/8uE0TMJFgMBAgABAAH8AwMCeOB+UV1Zl9rAfoMXDlTph\/llJNZPDmuYxOLa\/xVPqSAPpKtXfFpcXtQD9gJxdXfYfia9BR5gQVgTgED8FRJLwQAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABEADwAADHlhc3RhdGljLm5ldAAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgBpJMFfO4MRn+lGw5Q9QiDVq4CEy2Rx1IolF7flyHs38ALQACAQEAKwAHBtraAwQDAwAbAAMCAAJEaQAFAAMCaDLKygABAAAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200354473,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200354473,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1675632200360494,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200360494,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+dAAEAGmcjAqAH5spqD2N8mAbsQs3xKVOe1eoAQAdoaEwAAAQEICjHJ\/9GE0TMO"}
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675632200360995,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1675632200360995,"pkt":"dNqIE5X\/CI6QkAulCABFAACEp+hAAEAGmXfAqAH5spqD2N8mAbsQs3xKVOe1eoAYAfV\/yAAAAQEICjHJ\/9KE0TMOFAMDAAEBFwMDAEWES\/y0BE+L50ZNcAv1HLApgKrcw1X3eeizDczeW49HnM30ZKZ\/Xv6Np0EU8iQuqAO+wCt5OYJYbXGxQhiooyFlrGchlRE="}
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204761716,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632204761716,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675632204761716,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632204761716,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8lc5AAEAGq9nAqAH5spqD2KR2AbtfewqXAAAAAKAC+vAA6gAAAgQFtAQCCAoxyhEDAAAAAAEDAwc="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1675632204793132,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204793132,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0lc9AAEAGq+DAqAH5spqD2KR2AbtfewqYK6FU0oAQAfbe9gAAAQEICjHKESKE0URG"}
01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1675632204793462,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632204793462,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5ldBAAEAGqdrAqAH5spqD2KR2AbtfewqYK6FU0oAYAfbgCQAAAQEICjHKESKE0URGFgMBAgABAAH8AwMMhTgCx3sXJJ1s+Gg3dB1Y1YFOA0Qyx6jeNfCNHy8JpyBEH+2sTaBY75L\/Bj6JtOKcZ+SvYj0u3Z\/hJ+uso7EoPQAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABEADwAADHlhc3RhdGljLm5ldAAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAghSc9eOL2w0XPC0T6QBKFqvyvrtYVTs7ArgPcjXsVywQALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204793462,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632204793462,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"yastatic.net","domainame":"yastatic.net","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1675632204799736,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204799736,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0ldFAAEAGq97AqAH5spqD2KR2AbtfewydK6FfvoAQAeHR9AAAAQEICjHKESmE0URl"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1675632204799743,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632204799743,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0ldJAAEAGq93AqAH5spqD2KR2AbtfewydK6FjLYAQAdvOiwAAAQEICjHKESmE0URl"}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541901678,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632541901678,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1675632541901678,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632541901678,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8S\/JAAEAG2RfAqAH5V\/r7Fp+mAbu5dvRGAAAAAKAC+vDj1gAAAgQFtAQCCAo\/vsSoAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1675632541925599,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541925599,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/NAAEAG2R7AqAH5V\/r7Fp+mAbu5dvRHDdkSX4AQAfbPgAAAAQEICj++xMDvqiwS"}
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1675632541925736,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632541925736,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5S\/RAAEAG1xjAqAH5V\/r7Fp+mAbu5dvRHDdkSX4AYAfb6mQAAAQEICj++xMDvqiwSFgMBAgABAAH8AwPtfMIz6oqBmkptHceMPSbazAEu8ZWM6rOqvlqkat+IUSAka0ycDBu+EbgeRfD6GHwOlyzkKSdus12s2L8YXYqHmwAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABsAGQAAFmZlbmVrLm1hcmtldC55YW5kZXgucnUAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIAA+NQoQ84hyf2kgxArk8+vgM6rjv\/t2S60kQ9wDA9xSAC0AAgEBACsABwaKigMEAwMAGwADAgACRGkABQADAmgy2toAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541925736,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632541925736,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMarket","proto_id":"91.56","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping","hostname":"fenek.market.yandex.ru","domainame":"fenek.market.yandex.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1675632541941369,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541941369,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/VAAEAG2RzAqAH5V\/r7Fp+mAbu5dvZMDdkX1YAQAe3H6gAAAQEICj++xM\/vqiwn"}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1675632541943460,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632541943460,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0S\/ZAAEAG2RvAqAH5V\/r7Fp+mAbu5dvZMDdkdS4AQAe3CcgAAAQEICj++xNHvqiwn"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771618343,"flow_dst_last_pkt_time":1675632771618343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771618343,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1675632771618343,"flow_dst_last_pkt_time":1675632771618343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632771618343,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8M7FAAEAG8gLAqAH5V\/r6bN\/qAbu2FgwOAAAAAKAC+vBvjwAAAgQFtAQCCArJQVtrAAAAAAEDAwc="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1675632771618343,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632771649047,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLrRX+vpswKgB+QG73+pH994CthYMD6ASqUoBvAAAAgQFggQCCAo5XGBDyUFbawEDAwg="}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1675632771649112,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771649112,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0M7JAAEAG8gnAqAH5V\/r6bN\/qAbu2FgwPR\/feA4AQAfbXjAAAAQEICslBW4o5XGBD"}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675632771649412,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5M7NAAEAG8APAqAH5V\/r6bN\/qAbu2FgwPR\/feA4AYAfYFMAAAAQEICslBW4o5XGBDFgMBAgABAAH8AwPDl+2JFmjKIL7hDfisu89CzYhXZkk\/vwPriWM+Vkg18yCa6rOPbjh937N+DNbc2nfyeYbs5z5msoTSUhsQcGcNWQAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAAABQAEgAAD2Nsb3VkLnlhbmRleC5ydQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkVZtnZwInP6KVt0j5rOweQ5b6EbbUxEB0f8PVn84fF0ALQACAQEAKwAHBioqAwQDAwAbAAMCAAJEaQAFAAMCaDKamgABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771661361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771661361,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0o39AADcGizxX+vpswKgB+QG73+pH994DthYOFIAQAKjWtwAAAQEICjlcYGHJQVuK"}
01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","domainame":"cloud.yandex.ru","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00842{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":68,"packets-processed":67,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":42,"global_ts_usec":1675633561788867}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561788867,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561788867,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8OJ1AAEAG7PzAqAH5V\/r6huXQAbth\/x6mAAAAAKAC+vAp1QAAAgQFtAQCCAqt2\/gKAAAAAAEDAwc="}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561796212,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLppX+vqGwKgB+QG75dDNImeHYf8ep6ASqUqZLQAAAgQFggQCCAroj8Uzrdv4CgEDAwg="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561796246,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561796246,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0OJ5AAEAG7QPAqAH5V\/r6huXQAbth\/x6nzSJniIAQAfZvFgAAAQEICq3b+BHoj8Uz"}
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561796388,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5OJ9AAEAG6v3AqAH5V\/r6huXQAbth\/x6nzSJniIAYAfZUdAAAAQEICq3b+BHoj8UzFgMBAgABAAH8AwPOIUBKVKp8ZIN\/EU9VoiHQ2AlXZ+uEELBPqWzpmhja2SAKtUg2hG8DnSzG1e1bqKHeg+5gxcar1cZ5N1LebgjawAAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAAABUAEwAAEGRpcmVjdC55YW5kZXgua3oAFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIIA8oyLKide20cLJ\/ycLxubM9zuROWUepq2\/4LpEMhQeAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyenoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561796388,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561800946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561800946,"pkt":"CI6QkAuldNqIE5X\/CABFAAA07UlAADcGQVhX+vqGwKgB+QG75dDNImeIYf8grIAQAKhuWgAAAQEICuiPxTit2\/gR"}
01292{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561796388,"flow_dst_last_pkt_time":1675633561803570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675633561803570,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"direct.yandex.kz","domainame":"direct.yandex.kz","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8SfhAAEAGy0vAqAH5TVgVf6fKAbs1\/d2ZAAAAAKAC+vBx\/wAAAgQFtAQCCArUsCPKAAAAAAEDAwc="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8IgYAADcGPD5NWBV\/wKgB+QG7p8q7yurkNf3dmqASqUrqiAAAAgQFggQCCAoXvxrK1LAjygEDAww="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0SflAAEAGy1LAqAH5TVgVf6fKAbs1\/d2au8rq5YAQAfbAcgAAAQEICtSwI9QXvxrK"}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5SfpAAEAGyUzAqAH5TVgVf6fKAbs1\/d2au8rq5YAYAfa+zQAAAQEICtSwI9UXvxrKFgMBAgABAAH8AwPPjOXZH7bor02bzsColNH1LCr4dbD1DUsA1Xru6JQG\/iCmsiAZnEV2EdUXvMGlNOj\/Yg\/rBaYWHu+JG0FfmKdBVQAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAAAACAAHgAAGzEuZG93bmxvYWRlci5kaXNrLnlhbmRleC5regAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAglM7QJHbac9VGEYIQIOVtNhWVrjyyN0uhmbCBF21+ICEALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDL6+gABAAAVALwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0IgcAADcGPEVNWBV\/wKgB+QG7p8q7yurlNf3fn4AQAAvAVAAAAQEIChe\/Gs3UsCPV"}
01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
02660{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5411,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"1.downloader.disk.yandex.kz","domainame":"1.downloader.disk.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz","ja3s":"00447ab319e9d94ba2b4c1248e155917","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77","blocks":0}}}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8IrdAAEAG8ubAqAH5TVgVJbCoAbtwbSvyAAAAAKAC+vD7iQAAAgQFtAQCCAq55SO+AAAAAAEDAwc="}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrhAAEAG8u3AqAH5TVgVJbCoAbtwbSvzIzNXzIAQAfYuGAAAAQEICrnlI8tBETkL"}
01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5IrlAAEAG8OfAqAH5TVgVJbCoAbtwbSvzIzNXzIAYAfZ2jQAAAQEICrnlI8xBETkLFgMBAgABAAH8AwONGvS9MmqqZL9T3ClOAGVvpPjxzHWlIP4olaHhgQsb\/CDthZgapOHsJ2O5NTn7e\/gZksqqfVl\/\/JkZ1WaML2X2GQAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABMAEQAADm1haWwueWFuZGV4Lmt6ABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACAkr3PGdPqnDY8uLrmpb2FtlwoAx0C4wNo3IAgESOcdKQAtAAIBAQArAAcGOjoDBAMDABsAAwIAAkRpAAUAAwJoMioqAAEAABUAyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01346{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMail","proto_id":"91.33","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email","hostname":"mail.yandex.kz","domainame":"mail.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrpAAEAG8uvAqAH5TVgVJbCoAbtwbS34IzNiuIAQAeEg2gAAAQEICrnlI\/9BETk5"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0IrtAAEAG8urAqAH5TVgVJbCoAbtwbS34IzNnzIAQAe0buAAAAQEICrnlJAFBETk5"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8PaBAAEAG5zLAqAH5V\/r7TckGAbvtS1zkAAAAAKAC+vDgxQAAAgQFtAQCCArcNGU5AAAAAAEDAwc="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLdNX+vtNwKgB+QG7yQbFPwqb7Utc5aASqUpyugAAAgQFggQCCAq16DoO3DRlOQEDAwg="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0PaFAAEAG5znAqAH5V\/r7TckGAbvtS1zlxT8KnIAQAfZInQAAAQEICtw0ZUa16DoO"}
01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1675633561819787,"pkt":"dNqIE5X\/CI6QkAulCABFAAI5PaJAAEAG5TPAqAH5V\/r7TckGAbvtS1zlxT8KnIAYAfailwAAAQEICtw0ZUa16DoOFgMBAgABAAH8AwOm7RyGDwkffhrTHSV0k8xrfr3RiLQxlf4UrOrBvfJJ7CCd0X8JXbKNT15HH9DNBfZs0Z+8YAO5K\/hl6Cw3a\/IdyQAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAAAABYAFAAAEW1ldHJpa2EueWFuZGV4Lmt6ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACBEUCGuLpWvG++4yM5Km9c0yR6odx0OblwH2t31KC0rDAAtAAIBAQArAAcGGhoDBAMDABsAAwIAAkRpAAUAAwJoMmpqAAEAABUAxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675633561819787,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0DE5AADcGIY1X+vtNwKgB+QG7yQbFPwqc7Ute6oAQAKhH3AAAAQEICrXoOhjcNGVG"}
01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"metrika.yandex.kz","domainame":"metrika.yandex.kz","tls": {"version":"TLSv1.3","ja3s":"15af977ce25de452b96affa2addb1036","ja4":"t13d1516h2_8daaf6152771_e5627efa2ab1","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","blocks":0}}}
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771825396,"flow_dst_last_pkt_time":1675632771825396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1072,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":1669,"flow_dst_tot_l4_payload_len":8437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561812922,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2077,"flow_dst_tot_l4_payload_len":5437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDirect","proto_id":"91.99","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}}
01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632203871485,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":528,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":2354,"flow_dst_tot_l4_payload_len":5779,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.127","src_port":42954,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexDisk","proto_id":"91.57","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud"}}
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2403,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"77.88.21.37","src_port":45224,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMail","proto_id":"91.33","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}}
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541955636,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.YandexMarket","proto_id":"91.56","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":27,"category":"Shopping"}}
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632204761716,"flow_src_last_pkt_time":1675632204850774,"flow_dst_last_pkt_time":1675632204761716,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":42102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Yandex","proto_id":"91.25","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2703,"flow_dst_tot_l4_payload_len":5466,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMetrika","proto_id":"91.98","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629758531921,"flow_dst_last_pkt_time":1675629758544983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":2357,"flow_dst_tot_l4_payload_len":4682,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}}
00847{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":130,"packets-processed":130,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":84,"global_ts_usec":1675633561819787}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 130/130
~~ skipped flows.............: 0
~~ total layer4 data length..: 48891 bytes
~~ total detected protocols..: 9
~~ total active/idle flows...: 9/9
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8581217 bytes
~~ total memory freed........: 8581217 bytes
~~ total allocations/frees...: 145062/145062
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 547 chars
~~ json message max len.......: 2665 chars
~~ json message avg len.......: 1605 chars