aboutsummaryrefslogtreecommitdiff
path: root/test/results/dns_doh.pcap.out
blob: 40ef356d11a7fce366e722ef83194102767abb95 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":789290,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876498,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
01104{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":878306,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"WkBO7NFkeDHBvV4kCABFAAItAABAAEAGIamsFAoEaBD4+cLVAbuk7FgjymHcL1AYEADUpQAAFgMBAgABAAH8AwMqXU892mwEgrbPk2vmEoCiukOQrlB4\/N6a6iNUaK2vhCCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACD0aVsNTtl9Lx5GVsNGBkDynRSOBTbpOHtuKkwLAFQkYQAXAEEE\/AmIeggJ9IHU1kIvKs+Cnhzk3A1QGe6QCQ18\/XG1ZOdvRPgliMZgJr06algkRN3zqCIAxCiyg6awi6QlLrsiLQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00406{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968624,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eDHBvV4kWkBO7NFkCABFAAAoZNYAADAGDthoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4uXQAA"}
02184{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968629,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNcAADAGCcNoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4szwAAFgMDAHoCAAB2AwPwfVV8aOGgOqslnV\/1t67BvhE\/CUUPutQ7u\/ptPTMsHiCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9hMBAAAuADMAJAAdACCW52eP3c9sJ7BucVzz5YXXrL\/9fKgMov2fd47YrNSOEgArAAIDBBQDAwABARcDAwtfl8dSqVJlFhhTrB6kCzdrJxMUxk\/\/NKmGFjSBcjqQg\/Oh4ocDInoxcfj8KqE4iPkrtYlIcWuIVzQZ5IEBgfzN9WiWEcp1vI7mZRdFuFbDM\/fMO9IRIgd0li2Z0iJ6prtW54qu0svWjPTN6C50IHOaMtYoo4mZOzFHXFH+nqxe93yeb2DM4Lg87Qop7FoA0G5kZFBdSEoo1Ic5XXGp1uoIupJ6iThilwtRyOcRxHPSEjmICdrH\/QMovglbqjFWQoKA9+NiXFNCSpAfGFIGZE74hWzG5lTHaFCCp2MkXYja46xT2NGan01mhUmWb3PW9ykuOi2GEY5B33r35wgRivDbvWKKi5FF5gkybxgDwYeFGANoPOjkbTywLR8CS5auIQkzBVa7Y3TKvUsJ8TfsUO4lZU6Niw\/8bkjXCOUdu6hSvFq4AdO\/aAt8cWCKfNw+b1D\/fcmQ7C4nb4Ou6+eBeJoqpIFH+rWEvp7l+9xwRMUWhj2zaRNUtBlSFwOQa6nUuTvNdMkUkoUxTkah\/7SyIp8ZXcq69DTBCkZI30bNtsgV+MEDREJL3xDosALMkMo8K1pkW3SnfmHDYv+eBqs1iTksxIycfW1s\/Q97V\/1iheoXh\/KQxscnA\/qDBhOTXMBrOk5zzuscmr1Rm9FDiytNTY\/DTw6lWopw2CwIICs2qaOrOJdoAQaVb7BeQjqUHYaKsKli65Ftdd69eRgAZ9BKrlqd1DLDYPF+gToz3nwYDP56BJFkW9gjUaW64fUtolc3E64AUh5PFDMkw2xOqI4yPmCKqZJiT+qGVWXkzZSeLGcoggFlVYMBXfCAIoD1ql6ZrIVW5l0nlh0XnLsSKwdoE6AZlw0YEiGoKXrrUaD7LWhe3k1EySK7ELeaW7y\/TBwEiRNhHJqVKIq8OEVK6XfuS5XTZsE8SxvkbETrEmaOCQ4J2EqO16p0yTLZU3d0quY0DDulv7\/IT+u6nblUy85dyHiH41bpJ1Kplgs1CEyjsiE93uGom4jeN5oxLFF\/J7gFeR5sCCkV\/h4OgUS7Bt\/R72XV4q\/W5XrY5nzIU8WDRQITC07tdcqoYtuyeGb+uE5hmONbXwKG8Ctuj4HLRVnT5ju0MPOev2GYMiQR5yTgQGNnCfU\/1Tk7bfp\/S6UvEFtP5wA8PFiHH5PFxbokSUKyRpUcr891X88DPczspXFX5YHF\/JqtGTO4ZxgjbBacpW6sXNzSQlW+7odW1heUGO+ytF5gLBX6HKdc8K\/dwg7CD2R0e2+iAS0XjVuXqX4GXc24B2gZ\/f\/5w0SvWR9+n1Wd7TgB0wQyGNs9a0U9nx8UcXk+ZUTqnDHJoqGuC4NWSQ5I7EF7AGsofYRU+7yIUfao8K5zn\/RX1pnZXFvbg2nvwMXtNrhP9+qo\/B2ROPofj8fuqjqUf6CmxPuxoDX8uD15RtA+Twb6CTkgVGZ5aoVX6PVYhU1ohghbb035VSYAsRNNd91H0CI5FHKCB2SZKu2I7B27i9Y\/ClP8JPpdDuN\/gQXoSnOda6CcVE+qD8kyh\/79T4hL30ZJDId88m0\/+w=="}
00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02172{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968631,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNgAADAGCcJoEPj5rBQKBAG7wtXKYeFDpOxaKFAQAB7HaAAA8nvqig4\/mGd5hDrPzdsd3zWxrDG3ItVS2\/yx5vVtYxtIfA48NHveoVgHuoT0s91lX4UKZ448iKsrI6EBVUsNDAQrxtQ6pbM+nYO7zyLXksZC1MOImY4Rx+CtBFP6LEWz2I321KxNHT2PAppv4VdZEih7Z140XcLD3J4lTzuyWyxjXKtlEO7D5qrj8FM92DH4nX+G3uH4z6AcZfwFo41rGPcmLRP0ECZ1Z4kDzjfd9UbmqVmDohZNVYHwfjKOfp3LpmITpCYllmotBQXyfFJvAfYUU94fEmOcMJz7rwLfuJRmTZ5G3i+9DoNfPvaO0zAAgUfVX9fth1HoptxHwY3mllh+NBGQOkwGnmVzxjTHqT79nidxKs165NF97ghXpYRlInd177kCXia7oseAoDjRabU9xpyHfacc+aeEM7AcSUal5or2aMPi6j+hqexvnNlIOTX9085k8\/XTyj9lXJzd3ldKqyCsgD8pSX20a8q8MrW1vdhOPVbgV+M3UZXbvi0EsfruxKbiGbCvdAKUo+WsND2xsF9hghtBuO3CBi73D1EIb4lWWjrTib\/HX+lluNoBaQRj8g2jWXkD35o3aNXuO9Yze12C2bW7MAOgS50jOQcXHksXqhqDHjLTNhsfBxMt8u3FmF8PpiVpilW30OrZ5yw\/1XZ63oa+eHBIoByqm5kyAT+iLMcFfM9O3+CpLJLEyr6eyr5\/C2ISizRKsq3+\/+5HDWzb6YCkgbNovJSskHZ4et0X94IcSaEbCATVSt1dbYFhzsT0TdB\/muRpX2ZAX286vHchMG5IBXUivdQHy1ec8wvQTufW3zzc0Hr7KFWfHm2Jh2DiKDT8sd\/KMQwjD\/MtV1ipI9y8UmRMm6aHMd95A2WA4I8xyk4ifdnGZcVOxz1myl\/QxxSORURppT\/bv+6McPdK07PaPsGtHMAuLKzms3JmvykSegQcs7jnhxQDe8bhCTB\/ynIM0xnG9hp3AxN+LK5diR1Ggxwoa16plvF3cVq9JXEVV4rkC9DauZDJKEt0WkLBmvdAkOU9edOrC\/ngauFFHwffGNylgxRWxX9HXZir4jNPoD4Z5\/3AA5UDnfUuwByTERhmAT2MwA+m1wmQ06\/y6GEOOttUsDi0Em7Y4HHhBCTXLBo88oIQ8uJtblqhiOj2mlU1yFhkuxHEntt31Zj59COHTDEDWoSFdqSRkYZEEZSkZcsW6LEMfgitVHhoRZCWct6bgP5RFABnXKtqllD7pCsjr\/S8bYPrDsz97\/Hsb9zkpK5sFdUwdpPxRnQbgCQUUv86qZ4Iv2JX1xGuH88eLPgJvPsyLmL61n2ifuweKT0sTNENN46hR+G4In3Y2ORCo13GEeE\/1wtMinv84rNxCDKFqY1epgUYs23C1232tLcXqjuYQYjdcLS4zPGFQMbsR741LBOD06fC\/8RD1gxjLsHrsnCCrSMCL+K8C+WOFh9tqtRO4ZjpIwCaj6unlavg4hR\/sAqW+red6Midy2ySfE8RV7Ujss7CqWHZqem+jeuo0p59rFs50Q93KacTG3UQIlhC4fB9o9zfI+l2jE+ltpyQU+BT2vDg1MBFvlDWHnEdaQ5KelW3iVsevF\/GNv2F4+q3fK\/peVzd5jI1TbqVtEvuQGJttO9v8C6CTQRHkjn7U6MsO6FYaWV0JxWd1E2vTYXo6MhfcCMlhYP5QiU0Fl2\/Futai78DKbFID0B7IFybOYxhwKL8nZTzfEDlCA=="}
00406{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968732,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQD9cUfAAA"}
00406{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":969243,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQEAAUUwAA"}
01023{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":970116,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":503,"pkt_l4_len":469,"pkt":"eDHBvV4kWkBO7NFkCABFAAHpZNkAADAGDRRoEPj5rBQKBAG7wtXKYeZXpOxaKFAYAB6tJAAAjMPjGfV1XYlg0RH7gIn1o67K3gX5X7KrHNJzBqc+Y11pyWk6fjn+Vpd2lS0sHSgLrlfU4U8iwGJfgvxEn7DDEB\/TfSCaS+Ya42fPWsQ9P4TwY9WR5n1cvFwoCg+SRipP4O0A8wrh4oekzgrx5Oc3v\/hZZsY6osGYyUMHo5jUztdP7reJFxDgigoEX4KFwq3p3wWSiL4f45YdPFuZzNYfOH8uHwxX19LY5Wn\/QqlgDCBZaslCRRZLmu2lIFWthbgVlACvevw4cp7dpLnKYQ+B\/iB1+oCUV6BVujA5z36MFjAIcyLXJ748rKGkdXoURC0i7eRTT1gUvtJnf1SZ\/cOJR85Jj7Bz9zvJDl9k7bxOMT4SzjxeFgb\/n6C8jYyiUdh1QlML49NiqBX0UQXVfhajwSm09x6s\/rLiIOjXhnZClrzZB66Qxs\/4tPk2SuS\/6FFqSmFSj74W\/4fRiTmtX+f3+1oRefChI9DloHux9VundbqW+B0LUdZSjwvD1c99nUtoO4L9Db0K9WFcjyiAd5QUyNDbGBy8URnkFUdPKjiFFXDpQWCq1yij4D1qLA0uMnFD\/8CdBXQX\/otzoIBMAMoseGI="}
00409{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":970173,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHoGFAQD\/gSmgAA"}
00500{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":996247,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"WkBO7NFkeDHBvV4kCABFAABoAABAAEAGI26sFAoEaBD4+cLVAbuk7FooymHoGFAYEACn1QAAFAMDAAEBFwMDADW8J+MNaAb\/wrltAAv4HDSCQz8Bzyn512OJeqBzVj9glvtCmUJWsHGBAefv3ABeaMgYnCN\/ZQ=="}
00644{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997105,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"WkBO7NFkeDHBvV4kCABFAADSAABAAEAGIwSsFAoEaBD4+cLVAbuk7FpoymHoGFAYEAAeoAAAFwMDAKVH6TqazYA7ng6LT4l7ICcI+zDrPqkD74EaZ6KlHesT55LnIvUipV2qXZpL8fzDqyEQhFLmXlLAQ93tMr6RsRmWGutBjX2OhZG68kQ4zzqatM7jcG4Y2nVphp4aNS7ac9Qo2\/v7IVdjtQB1CkeQwcFBtxuU+JEsGcEl4y5hc2GPOmwe\/WlOtwx06\/p3NlOkXM54GAVosDROpyIcNMw\/TJ\/7wU2Gazw="}
00738{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997215,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"WkBO7NFkeDHBvV4kCABFAAEbAABAAEAGIrusFAoEaBD4+cLVAbuk7FsSymHoGFAYEADbRgAAFwMDAO5\/vj0XEVnApHWZyVont16WzoBfdkAUmUbtIto2rVqakjpRrb9v2jurJwqyY\/z6UQZ3HmonNk14uRAJ2lvf9WUw3Lxqp7XnO9mc2Y0eGDeOQ78Bx7eTPAZJQY8jyiAoQ0jXnRqdThIktvVorw4e0Wm1AXUizW5CUhMfL\/E8EAZDMdczfxELdU1ZS42ZaZ+Phxpxn5fNufCX++USMGjMdp0Yzm2pqkSCVTURNOtV4CfYYOT0WamTvw9J8T9gizqAu6EOuMORP1Jd2wYehzjyC0fMtnDXpkcDrt5TeWwCR9SAmt3pp7M0dWeWWko8+S69"}
00518{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997306,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"WkBO7NFkeDHBvV4kCABFAAB3AABAAEAGI1+sFAoEaBD4+cLVAbuk7FwFymHoGFAYEACdtAAAFwMDAEqnnHxUsCqmPBkBxfdKmS1LGWAClj9T3prwE3TeVTsVPs4vesfDED+gBYka+2qIBZHm9ndhgvy1QPO4+xzZ0FzqwIc8Gf+UTIjqXQ=="}
00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 142/142
~~ skipped flows.............: 0
~~ total layer4 data length..: 15534 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4831676 bytes
~~ total memory freed........: 4831676 bytes
~~ total allocations/frees...: 58505/58505
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Powered by cgit, Themed by Ted Yin.