path: root/test/results/dns_dot.pcap.out
blob: c968c5f48e86d057659fdd01d5930cdb5c31ab8f (plain)
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":234722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
00692{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269902,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uCfrK5DxCAAnjau+CABFAAD6w6lAAEAGo+PAqAG5CAgICOOyA1VVRPv47jtL2YAYAfbTXQAAAQEICiovlTaOOwAQFgMDAMEBAAC9AwOCK\/MuQQ5sSYHkQFarOZKq84a6P\/ILns+YkoRGDIAgSQAAMsAszKnArcAKwCvArMAJwDDMqMAUwC\/AEwCdwJ0ANQCcwJwALwCfzKrAnwA5AJ7AngAzAQAAYgAFAAUBAAAAAAAKABQAEgAXABgAGQAdAQABAQECAQMBBAALAAIBAAANACAAHgQBCAkIBAQDCAcFAQgKCAUFAwYBCAsIBgYDAgECAwAWAAAAFwAAACMAAP8BAAEAABwAAkAA"}
00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":302644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"}
04560{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319899,"pkt_caplen":3135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3135,"pkt_l4_len":3101,"pkt":"CAAnjau+uCfrK5DxCABFAAwxcqsAAHcG8qoICAgIwKgBuQNV47LuO0vZVUT8voAYAPDelAAAAQEICo47AEIqL5U2FgMDAD8CAAA7AwNdvsYvAkHw9e7UIX3PyBcPhbDwczOdLTRET1dOR1JEAQDMqAAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKegsACnYACnMABh8wggYbMIIFA6ADAgECAhEAm93VOAzvaEYCAAAAAEfYsDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTE5MTAxMDIwNTg0MloXDTIwMDEwMjIwNTg0MlowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxEzARBgNVBAMTCmRucy5nb29nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDabVL3kPdFkZMO4tZFZTS3pJCwgDAv0Vaooht8m3xHNG+02FQTpPXnHzVnED+66l8hLi\/lnzRXG3UO6kuSQ4n4aWPEu9y2EfYMSeRt0uZ0Oyx\/Nx0pLeJwf6Q+MeFJ8ViEiMtGPi6uWxbiLjtXxqXEEiYRBaFtX5jMDwm6wV40e+vEiP\/kQOf7WOTGimZzcxCCcJn8hFiAlLXC4ByzIwFE7xcVdP+ydRE9Zy9T\/Y0rFUDDjCcYJFpw5Py9J+9HYCFAcloNZg8S1ortTsRH90h3RwM7Tn\/bVSEzsWHebAF6mMcoc0B8uk3A0szJiY3cqwMwi0ESAYx1nRkHC3pbrq5\/AgMBAAGjggLoMIIC5DAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUeGOKNB8SqBHv7OJWGnOorUt7eUgwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\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\/po66kZBkyy8WcFZVe8T\/uksXcjWZlDY2pgIhAPeTjLqwHjLhH2wgJ9gFinuuR7lLCOmx+MCyMKiIOxiBAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFtt65owgAABAMARzBFAiEA1B5xDge6E+cVFJVON0YMFY48b6xoUFxQUvzMkiMWUYYCIGScEKTeAm5hjbas8zubogEIcrvEFI\/6e0RKPgdzzou\/MA0GCSqGSIb3DQEBCwUAA4IBAQA9Dp7Wqfw2aYKeyr7uJlu4SujZSvaN675RHdEPhMj+qJGop\/Gq5vJbt91usUroGfvDFQb8VoGPSLFynOC5OY06PXWWCd5c5kKN\/iTeEjX9Ha8HQlh9FEvaul9Qz2lQt+cRe3qRpImpRl4DMKtgNOCxk9SnRVEA3P1o+uOVhDwcPdK2VQ2NPqzeGatK+IxwlukNqW6ZOiKyZvEqQawdfWbDQ40fYxm10LSZdohzHkPn9Oar7
WOKW1cMYwnaW7ItZQ9mFqJrMky8xTzHCDRgBJdrijixQdHfxSUsfSCPGAUn5KR0BMBA9hr5HksIm6zCgJYEwKr1jJCqJhVnFhxD4c7tAAROMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKgjEv\/SJH\/UL+dEaltN11BmsK+eQmMF++AcxGNhr59qM\/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmKFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7XrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd\/cGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7HTgiZ\/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoNFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ\/XteDSGU9YzJqPjY8q3MDxrzmqepBCf5o8mw\/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wWIRdAvKLWZu\/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZUSpxu6x6td0V7SvJCCosirSmIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwEsDAABKAMAHSCENl1POvb6My7D4hPc\/sMJ7Tufg\/LCEx1rGH6qSE8RaQgEAQC5wySkCTDkvijEKyzcSo\/8MnFKyuNuS9ozlsIo\/40DVij51vWGmHTS5GhFyCASQxaHGFTYsSHNMC3Wgv1H5KA3Mee1B9o\/hTw4uoTHLTeXjL2YEsYJN9UTVvZQVJzdkM4XQcWw5Br+vs7\/JC6fD8JjJh5+eSdQSQUB1aDgH89Z9ZwCeYsojgzQtwUQ5wgEEXVn+8ro2wBZ1wX27tOYjI\/oTWlDrsQz8l4usXnSogdtc1LL9t0IoL8kjOwDk997Z7u7Ftz23DDAL\/5t80M3zHefGPuWFCnrCFYqLE6vev\/cyzB+YQm+GAEHnkVrh2JZz65l3\/Xfzwl06w\/f
+XmJ7He+FgMDAAQOAAAA"}
01191{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
00422{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6pAAEAGpKjAqAG5CAgICOOyA1VVRPy+7jtX1oAQAenSlwAAAQEICiovlWiOOwBC"}
00544{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":320932,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"uCfrK5DxCAAnjau+CABFAACJw6tAAEAGpFLAqAG5CAgICOOyA1VVRPy+7jtX1oAYAfXS7AAAAQEICiovlWmOOwBCFgMDACUQAAAhIIM\/\/7FVcfHSFoqNIHr07cwqtvDH7hAhWndiIOh8GFcLFAMDAAEBFgMDACAsJJrG91X8jl9pfndV2J\/0bngr7Be5pjDHfr3UQO+thw=="}
00456{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":321029,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw6xAAEAGpI\/AqAG5CAgICOOyA1VVRP0T7jtX1oAYAfXSrgAAAQEICiovlWmOOwBCFwMDABJ94OHAwTINl5f66A1sOf3\/IT8="}
00510{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":321141,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"uCfrK5DxCAAnjau+CABFAAByw61AAEAGpGfAqAG5CAgICOOyA1VVRP0q7jtX1oAYAfXS1QAAAQEICiovlWmOOwBCFwMDADk+iF8WPogamauS6gq3tjNHZmWCZeuPS7CKykhxgrPl9SkAa+FKuW8abnIFYN1rE6iL2lyZIzBEbNg="}
00801{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":351849,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"CAAnjau+uCfrK5DxCABFAAFIcr0AAHcG\/YEICAgIwKgBuQNV47LuO1fWVUT9E4AYAPBtAgAAAQEICo47AGMqL5VpFgMDAOQEAADgAAGJwADaAANPyS96Dnih+MQfD5GnBlJnAkBO\/bzmqeQVptfgwT391iseGI33ohOOJcPIJSQK\/OjtFfbzntzZDgiiBxv5lJS3Yn5133JSBVoRxa4quztlpAvYA7UZoOrFtfDjnvq7jfvTcSl9TjxdScdWC+QMTiN+ojOC3txxoYuf\/VMy7bQhkhTmvfdxyxc8O8Sl54xomNFsejR1POo2iLuH5HcvEW7rkSCZwQ8bZnjAZ1GAUdUtTREFP8VWiZGr9cIJ50sqsyH9aBwXSaRanjNBwG8rnHNe8cOQ9Ply\/wEUAwMAAQEWAwMAIMflBP6A7l78Jq+fJ0vlRSexLHF48\/TgtM27rcU3NLae"}
00425{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":351880,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cr4AAHcG\/pQICAgIwKgBuQNV47LuO1jqVUT9aIAQAPDUSQAAAQEICo47AGMqL5Vp"}
00581{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":362911,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"CAAnjau+uCfrK5DxCABFAACkcscAAHcG\/hsICAgIwKgBuQNV47LuO1jqVUT9aIAYAPA14wAAAQEICo47AG0qL5VpFwMDAGtCZAKYrlOw7p7Ypme9t\/jxCtE4s3HbB+oF3nvBhGolPit9CQPVOUDaPHWJ6Wddy5sdn+0b82cMnVdi1F6cKaM9dEhCKMWku7ZXhgF9LPwgwe31yVB9tI+mAU3oHSrmP6q7mlJnO5Q6OCmQ+g=="}
00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":363038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w65AAEAGpKTAqAG5CAgICOOyA1VVRP1o7jtZWoAQAfXSlwAAAQEICiovlZOOOwBj"}
00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783664,"pkt_ts_usec":523258,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw69AAEAGpIzAqAG5CAgICOOyA1VVRP1o7jtZWoAYAfXSrgAAAQEICiovmhuOOwBjFwMDABI82N\/gUdWtanJsd6FACr8N0eU="}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test"}