path: root/test/results/forticlient.pcap.out
blob: f9565d5f8c95aacc8f1be12bd841bfdf8e5c9dfc (plain)
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1621067203571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":571879,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
00658{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":776571,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"EBMx8Tl2KDc3AG3ICABFAADfAABAAEAG92DAqAGyUlEuDfFtKMutlmzPZBHKQoAYECx8qwAAAQEICienPS4GP5CkFgMBAKYBAACiAwNgn4XDHhk9zkDSeKikF83Z2kCbBVuvXP2YO+k8PIUoXwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAATQAAABAADgAACzgyLjgxLjQ2LjEzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":840255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WuhAADQGqSNSUS4NwKgBsijL8W1kEcpCrZZteoAQABDUiQAAAQEICgY\/kLgnpz0u"}
02363{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":852128,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWulAADQGo4JSUS4NwKgBsijL8W1kEcpCrZZteoAQABBZ3QAAAQEICgY\/kLknpz0uFgMDAFkCAABVAwNMQYg+z1Akfi0bYPhJZIpw8023veuBHo\/hhYl77vjjiCBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAY
DVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01801{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854111,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlWupAADQGpTBSUS4NwKgBsijL8W1kEc\/irZZteoAYABDBnAAAAQEICgY\/kLknpz0ucHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQR+URWW5b3gDqWmVPPVzCdlCGa\/ZaV9D+4Y5LUq\/JTO8Pk5ntccgmPedHiM9ZU+yI6Wp\/rtlbvgg4DA+MifFvwbicOs51Y5U3e0warnAkqqHAVMg54Z2\/Qq5XYxJF4LlrwGAQEAWiagxs18C1Nhbm1NTKu8WaMewNWGkzOuz+sQcA0aJfYoWKbFGvHp1IlkAACJzZSXn\/iVpmF3vwwULnxcomU2Jm7bqHJEoHYbHaKETn\/JXTHTi9F8FfA9aTPhqRbRgB9kmFz57jnAd2soS7OLctE2FyEyl1eh8Iw34k\/LtieEZUTP0IVeRumrkcgyvDMtvHjnzQwo2bNJ1TF5ORTWalkmUYP7xZr\/I2xxHX45rTw+lu3\/wkZrzwYISP6GFzLrAwZXf9Yfqkdj3OARN+OOLJGBDKwq4Zwx2cHOfixpe9PzhlM7RkGV1O8gqkB5ewCDY+E+jNPxSzyZflcHUtKhGw1lJBYDAwAEDgAAAA=="}
01091{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00426{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm16ZBHT04AQD9+63gAAAQEICienPXgGP5C5"}
00575{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985738,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFtKMutlm16ZBHT04AYEABn6gAAAQEICienPfkGP5C5FgMDAGYQAABiYQTvWBhKDRHH\/ODiOXdjlYaQWgsQRuME0zv3XHyBRRCZmTerEMFWFOfxHpdD05AKQ2xP+jA6kpB\/8E5bgg5jjZwSOsuOZT2bsHpIGDYh0lqRNfLwBslWlCzqDoy59tf4QEk="}
00436{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985743,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFtKMutlm3lZBHT04AYEAChvwAAAQEICienPfkGP5C5FAMDAAEB"}
00491{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985759,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFtKMutlm3rZBHT04AYEACP1QAAAQEICienPfkGP5C5FgMDACiPvzq+zAUfbHcuAAZMPS9qDTujM0mpb\/a9HQZw7GJsXrVVo4K4R32f"}
00428{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":58367,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WutAADQGqSBSUS4NwKgBsijL8W1kEdPTrZZuGIAQABDJeQAAAQEICgY\/kM4npz35"}
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59366,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnWuxAADQGqOxSUS4NwKgBsijL8W1kEdPTrZZuGIAYABBhYQAAAQEICgY\/kM4npz35FAMDAAEBFgMDACghidHAtJpSKRWJ59jA1JNw42oTY\/dmGXJgbzbWcnpUpjfbaFQB1oJG"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm4YZBHUBoAQD\/65EAAAAQEICienPkEGP5DO"}
00653{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":392230,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"EBMx8Tl2KDc3AG3ICABFAADYAABAAEAG92fAqAGyUlEuDfFtKMutlm4YZBHUBoAYEAC3jgAAAQEICienP4wGP5DOFwMDAJ+Pvzq+zAUfbV7XzAzO8kyR6SPi8+PHCMVSKeRefo6BBzxUVgted\/7S1JXrgvYiGetmmO3jPHiDrhWDcVz4c+8efu3wOgT\/E492kxUPwc4UjVhxyhE1wUkDMmngdrzgo2WN7UjpoAyrOo3GIIKKfsJy+eZgSNyosoprodoMnyncoZZE4wMSWTW6IpN4DZSPYGeg92KNxCBdcNED2ldshwM="}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1621067204622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":622472,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
00427{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
00705{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":827269,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFuKMux1NwBslSzeoAYECwJbQAAAQEICienQToGP5ENFgMBAMYBAADCAwNgn4XEp+uBSLXTSYGmDjytSwbEIFYHQALSGOu1WZB+OiBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":886490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImlAADQG4aJSUS4NwKgBsijL8W6yVLN6sdTczIAQABAlCAAAAQEICgY\/kSEnp0E6"}
02364{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":898197,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUImpAADQG3AFSUS4NwKgBsijL8W6yVLN6sdTczIAQABDMewAAAQEICgY\/kSInp0E6FgMDAFkCAABVAwPNKKzk0kFbGwK4GoGYDE7Clte2bxu4mBZlYF57\/OTSeCD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEA
YDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01802{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900059,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlImtAADQG3a9SUS4NwKgBsijL8W6yVLkasdTczIAYABA\/5AAAAQEICgY\/kSInp0E6cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQRDWmAmCg7XsTW+RvCAC0sbZ+SBRkSgFCUlkz\/IwN\/8c\/NJIrs+ILcpIxCCI0N9sDPjc20vF3fhrL8oZBKZYp8ZbnTlpZrSiKibycLeXw1ASLbNdqYX3C+izklbSVJ\/tokGAQEABsO0H8vdCw0252tfIzfTfFWWJXTldG3BxDkkL4g1+0rLC+30WT+5h111YwDniV9p6SpJPWnP79Ah0p2blDE6FrdGElq5cIPT03Cte5Pygktzt3LkZAIscr\/HNfshHX6DT6B6gCsDRe7LT\/CJ7zw1pxErmsA1VDwZhwGwND6YCSsyyG2lqPfClwFiQwG5pR8Nn9ZXofREIJEnZTR6xf6a\/b19Ct7XaRLkl4il8P\/3lf+8eWV3jWuMnq0bAFbV90AD4k8m030f14e+Hkz8j4wGDwWOwBAO\/Bd5sFNzy7yX+9njCybmLTwDm6Ou0XWocGTEvAzh2sjgkSXR1g9SofMVgxYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00427{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NzMslS9C4AQD98LYAAAAQEICienQYEGP5Ei"}
00575{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37894,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFuKMux1NzMslS9C4AYEAA1FQAAAQEICienQggGP5EiFgMDAGYQAABiYQRMlk9Sqm8x7BO7Ac\/JDkvTlimMq+ZTv2U1j379dVY8SgvRAiH5jrVV0Wx2QR8wjgugOy2ro2NKKw4TbZbYXO4ZIWGRnWkU\/sfj+8WhWYs3YarXXSOfhe5kLw3fJTpeBlA="}
00435{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37898,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFuKMux1N03slS9C4AYEADyOgAAAQEICienQggGP5EiFAMDAAEB"}
00489{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37900,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFuKMux1N09slS9C4AYEACTFgAAAQEICienQggGP5EiFgMDACgf6ycOGoisF0h9nBZSXpGNUmJ9jfcKojoAJNMP8smnzz4+kDYh3VrI"}
00429{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":108650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImxAADQG4Z9SUS4NwKgBsijL8W6yVL0LsdTdaoAQABAZ9QAAAQEICgY\/kTcnp0II"}
00500{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109043,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnIm1AADQG4WtSUS4NwKgBsijL8W6yVL0LsdTdaoAYABAqlAAAAQEICgY\/kTcnp0IIFAMDAAEBFgMDACiaUVlfnayZVBonB\/0bq4uxNvKj8siuQLcBr0MUxggpqZLArDcYZrpE"}
00429{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1N1qslS9PoAQD\/4JjwAAAQEICienQk0GP5E3"}
00655{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":445671,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"EBMx8Tl2KDc3AG3ICABFAADZAABAAEAG92bAqAGyUlEuDfFuKMux1N1qslS9PoAYEAC44QAAAQEICienQ5sGP5E3FwMDAKAf6ycOGoisGDmLuUPZx2+NBbgG8KhkWAB8Nz3dy4fDJtcvavNE9o\/ywFaGef6yNl1gdZXprd9Iu5V1f6t9\/EoQ+5QZ04TdKwgyu\/EBULZ7KUZNs7Jbcw465+G0CHW26Yhh9qQ0z2C45s76iEvhqy08QAZyAysN5FJGljaNK5642VdzWV8l8lwsxzieIYZW6mxl3LZE0\/8o6UPl0seZUrJw"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1621067205651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":651500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
00439{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
00427{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
00705{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":856632,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFzKMsSeiBD+wn8a4AYECzNugAAAQEICienRTAGP5FzFgMBAMYBAADCAwNgn4XFQZiH+y8CHLF8hTQg3ogVgVp4VG9EWDmmbkf39yD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":914177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRJAADQGlvlSUS4NwKgBsijL8XP7CfxrEnohDoAQABDqGAAAAQEICgY\/kYgnp0Uw"}
02365{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":926006,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbRNAADQGkVhSUS4NwKgBsijL8XP7CfxrEnohDoAQABBMKwAAAQEICgY\/kYknp0UwFgMDAFkCAABVAwOYnBh1oFf3ZFZgK6KsDRsjcw1liD4uUa6U3S\/+hnNkKyAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3Pc8AwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwE
AYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01798{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928157,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlbRRAADQGkwZSUS4NwKgBsijL8XP7CgILEnohDoAYABDaoQAAAQEICgY\/kYknp0UwcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQSpCI+VU7scjI3LZuh6jYdR3hiS+GXuFJu25gRBjlJW6+WSybs3rdoGEEOYPd0BnWod+IHDRUnzR2ptbIn0wosun1EaK94f345iYnt80TzVyXB5UPM880CNCqj3UAZBoVIGAQEABlPh0A5Bm60QzR6b9DrW1Tfbwxn2udCztNSTaJXT\/2w4ngli8i8InoI82Wg27s2xkKI+vFQA6sFXSo7U3KaUCCEJlgLtSNg\/2A\/b\/1bwkoDQHt9uOpgGm45ce2lS1OLsqZDhNE\/gp98CcpcVfkuoaFWhyChqJBI6ViV8ayFLbffU3P9h8KG72wFOW2INm+MYlr3WytPis+HH9IVw2Tjc7jMVS7nQhFv6L7\/0Gi2LedZL0ZpR811lOPPCyOX6piYedCFJaL4vZDBViQeRrG3asy2ZAurbxozYYclAUua5HyYR9ykN7S9W1f2gspfkn5vrULgtoCnuvsoXYPofDnqTfhYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00429{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiEO+woF\/IAQD9\/QcwAAAQEICienRXQGP5GJ"}
00574{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":69996,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFzKMsSeiEO+woF\/IAYEABb9QAAAQEICienRgAGP5GJFgMDAGYQAABiYQS5klChCa1nu02InQSoL0lqkSpQKQso0+o5k7FR4cIlwmA8FNGNPgAOoglyMxSwmZD+xq8zmrxdr8+9ElnZVss7a3SMEwDf9mpkhDJzZcJXJeOg4cqF2AXi3h7DiDRygyA="}
00436{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70001,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFzKMsSeiF5+woF\/IAYEAC3SQAAAQEICienRgAGP5GJFAMDAAEB"}
00494{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70025,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFzKMsSeiF\/+woF\/IAYEAAqwAAAAQEICienRgAGP5GJFgMDACg\/EKPn7uMD3g\/9A372am0PiizumOS\/7xcBlN2Gm6fq1JY4BwdMMHUP"}
00429{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRVAADQGlvZSUS4NwKgBsijL8XP7CgX8EnohrIAQABDfAwAAAQEICgY\/kZ4np0YA"}
00499{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139880,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnbRZAADQGlsJSUS4NwKgBsijL8XP7CgX8EnohrIAYABDIqQAAAQEICgY\/kZ4np0YAFAMDAAEBFgMDAChMdauOcW6Ls8zMpiVvg2ZTht4sOE2iePygPE6IcwmsrDzF4ZSHgKvC"}
00429{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":140004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiGs+woGL4AQD\/7OnQAAAQEICienRkUGP5Ge"}
00690{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":274735,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD0AABAAEAG90vAqAGyUlEuDfFzKMsSeiGs+woGL4AYEACMlgAAAQEICienRssGP5GeFwMDALs\/EKPn7uMD3+wpjQBRFW8e1EcPlV6Q6ObSOqheHzsJDzuPoZN+Gy1ymx+9FyKqEEkIOfMazwYQ1jHzyLN0ANGU6MOzbuoIkP6aN6cUV6Hq5u4aMPaai27JxkjW\/meB7CaPzYnZwVS0XzMoNt06YmeNjlaCEypgQR5oxOqm3kSg3\/Prt7AgH4LaxXpG1bhEcVfWFCh9HtyS8dBtzsLRqJiDXjhHZNpSebLaEzxVTZ+rzaFcK8i17+PsWOwB"}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1621067206773,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":773010,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
00439{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
00427{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
00707{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":977150,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfF0KMspKYnKzXsyaYAYECwOmAAAAQEICienSYIGP5HkFgMBAMYBAADCAwNgn4XGR7oIUOrAwfXLNhOc\/stRXR3cpjisHDHrOmoG8CAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3PcwAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":36967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4NAADQGYIhSUS4NwKgBsijL8XTNezJpKSmKlYAQABBcsAAAAQEICgY\/kfgnp0mC"}
02365{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":49233,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUo4RAADQGWudSUS4NwKgBsijL8XTNezJpKSmKlYAQABA9RwAAAQEICgY\/kfknp0mCFgMDAFkCAABVAwNnZ\/OJo6RE7hyRtbLqvOcQnYNZvPW\/uW6Wzk3ZmtG85SCfyViooWLsKJeuaidxXFUrV8SrVuQwq5HnaWw9\/qL7fcAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwE
AYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01799{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50833,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlo4VAADQGXJVSUS4NwKgBsijL8XTNezgJKSmKlYAYABCMkAAAAQEICgY\/kfknp0mCcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQTUu6wEEm6jsmXU0yCYD24OySeP+iql+oNZD\/TENWomz8k3jQ0IADMd4YxMPl5ytWgSDJI0fUn4l7Pbd8SWOodXcjYWJky+pbPSTG4pE5j1a+TMscEtWyiG7MEYLuOQnp0GAQEAeAyX7k5IEdhJ82TRB9jAixL1cTZ9S4jLhZM9mQDF4W1ZbAysAmH\/epKtzFX0GaHRNM5NqLRszFjgjwLZvy8GQf6PW2tsMa4\/XjHwzG39mZZQ\/tuqMW5fGtDACQES2AMZiyyWKtl62n5Tzfc5bRe8avX1eNr8vigRLuIIT\/uaxkBEqMs5SKi9qQ5GA1gXm5\/Ledt6fXFLZ6OJdUYI81WtqDQPwxsopyTTYPKIt5qWywK+XI5DDt4ZBx7H4ckwY6RQK1SzHtbuVOlBs8zaSezGrl1YMez7g+S9zMTU\/dkvPCBz\/Y8RRU9GC+Hl3FW3p8IpvWvTNllCUHU+afkH6s7cBxYDAwAEDgAAAA=="}
01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00426{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYqVzXs7+oAQD99DCAAAAQEICienSckGP5H5"}
00576{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191301,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfF0KMspKYqVzXs7+oAYEAAu7QAAAQEICienSkwGP5H5FgMDAGYQAABiYQQ6kYoBbfIPDz94x4EusTtku\/dKN6TebFHE7uNWy8hsH504MR0EB6yxCJ\/pHBUq5uckb9Cdeka0R1KNmmvqhigAcMRqWMpqtJ6uOmMrC9CHBTNAsA0RhGxxoAIhd5OXoE4="}
00436{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191313,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAYEAAp5wAAAQEICienSkwGP5H5FAMDAAEB"}
00491{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191346,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfF0KMspKYsGzXs7+oAYEABAWAAAAQEICienSkwGP5H5FgMDACjQiYyfqMB2pawPsR9Y6SCtqKtiDKoC\/WclUtRXEJiI+cZ2+gMJ1f+8"}
00445{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAo4ZAADQGYHlSUS4NwKgBsijL8XTNezv6KSmLALAQABCzMQAAAQEICgY\/kg0np0pMAQEFCikpiwYpKYsz"}
00429{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4dAADQGYIRSUS4NwKgBsijL8XTNezv6KSmLM4AQABBRogAAAQEICgY\/kg0np0pM"}
00436{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259296,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAQEAApmwAAAQEICienSowGP5INFAMDAAEB"}
00499{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":262580,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABno4hAADQGYFBSUS4NwKgBsijL8XTNezv6KSmLM4AYABBEPQAAAQEICgY\/kg8np0pMFAMDAAEBFgMDACiulq2pdMiDxsWPQvueOyAAw83reAvmnyN0DGxWcBtQ2f1JK+jBTh71"}
00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1621067209199,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":199710,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
00428{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
00854{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":264717,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFtAABAAEAG9tLAqAGyUlEuDfF8KMsekCM0XLl6iYAYECy4MwAAAQEICienUkkGP5LWFgMBATQBAAEwAwME0ZbiTglAl8IIF\/3QYtFxUOfO4VmvosSnyqFik3+gECB0m0E8n5ro5FpA+fOauorg9Y\/MUiqxzclkM+TtS7iPJgA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACpAAAAEAAOAAALODIuODEuNDYuMTMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBs1PQ+qJEvrZx4kd6w\/yirfgThWirK26NCg33JqRCxNQ=="}
00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00429{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":326813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA06FRAADQGG7dSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDsXwAAAQEICgY\/kt0np1JJ"}
02362{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":346748,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU6FVAADQGFhZSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDZeAAAAQEICgY\/kt4np1JJFgMDAD0CAAA5AwNUBzBqQ9tE91yRCnCEASczkwE6\/gOv+6viNjQyh6uYogDAMAAAEf8BAAEAAAsABAMAAQIAIwAAFgMDB7MLAAevAAesAAPNMIIDyTCCArGgAwIBAgIDNbsSMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjA5MTIxMDA2MjBaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBGV0Y2MEU0UTE2MDEyMDUwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSSbeDL59AaE\/YbeK4vLxOGTRC8z1T52auxgMnWDBMfI\/ZQkiG4nTaN+pFmIi8b6N72RXyz1HqbMlcdW7J2BMiE4yOHlBgg8dFbhi5at6eRYB0K+BTIw8wyLPWFEEm8t\/EZ8y4q6JyJil2Z7wjAWVXPRYRm1CIgqyliTcsQpAVGDsQqrTqEftuMZLL1KRiJ49fb8r7Q5ScvQrMYalyVHOdSVcd9tWJ40Z4JPF5WlChArTwPYmX4XBFUTvRCwvhkK\/pUxdhAIXU+sZHemowKvmd2vc4tNuYfG+8T3Hx3HQqsS6k+n+AAh5Zhf6DrX+PaEQ7lltXju\/ZrrX1owMIpMXMCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAacV+rYEHuyOc+fubErEtwHUVQpUZeYDK5yn8H0dVNCgTXteXX6vlWTR72ZmeOxUuDvryn15saKIl0t5hEOVcryDqo9ICczMKEJgDJty8BjcfFRiNIVP+o+YidWAivLSyFEiWtwCZ70DcnKUoE9W7eqIY0joJotSQLUWvGr2XbGIRZDVOOSbpnRHUIRnBTjXbyFUXki1LyVwGGKR1xeO2yHcqDgajjW38lUHoTNtDwmFozb+NQN0M2gao40OkeRHADDVdtTueGXgqTecPbhyOznG7LHTj1VGeaunb2dek67U2jG5Xadxob6EyVw1oQZfx7xFpJ1jlXlX\/YogxAu5rMAAD2TCCA9UwggK9oAMCAQICCQDa9ja0Q9SlizANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9y
dGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTUwNzE2MjIzNDM5WhcNMzgwMTE5MjIzNDM5WjCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y"}
00885{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01763{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348677,"pkt_caplen":1047,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1047,"pkt_l4_len":1013,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQJ6FZAADQGF+BSUS4NwKgBsijL8XxcuYApHpAkbYAYABCpVAAAAQEICgY\/kt4np1JJdEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUO1Fz0DUSEsjDTllBSNE7wbCm1Q+DISmLeL\/rw0SdxmaCmu4EH6Cfq+DNeMVs0zTdujaybVLrWElJg5l\/5ua26NuCY7RncdRcyi+vt3Ayh1A1fMGQiNA0GS2poYGzSe379FXq4LLiV8afLq8xSQNuaW6sR\/V+rtZTrODagjOgkx71afiKpmRrnFZhUEzIfX4hNC9tCBWNCucHPwt1z9T2tAs1y7urJo7a9Ka8F4rBkok5MYNPh00jtuLb9KuQAT4H8zliqV\/W+oGjLde694UouRoShJWwgxi7TG3SnJXW6MTQUGeZ8T0TRUtui3XuXbgfI6HOkcHYL\/XbMUktex1jAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIcX+43sZ0q0zbIaaV6YjJpSuQvR8bkEGUE\/3atBZJjf+3Keq7YJd+llHwVPeYmtKvRiZ2sW0lqVzuI6uME+b5RgiBGomoySycdQRUbu3TFGZ5JqMiLyk\/Pd2FBpQGXhjBP1l1QWgB7I+MCIWCDjL1Ju1Qd8FCvUo2bZ9KhhM\/jo8Zlo5ydvnJOu6WW0S5fIDrkQejpBSIjafLJTtPIOJVyGKrhyJbQu0QmnTUD896n2L1uJ6SFuPdOCR+AlALc720XQ7ODAr7MyrjziAr5uqZ6op9QCKifuHDMD61VcgTeTbCIaIQFI0hC7ZViUdakOx0+UPbVSwq\/6jpxBxJKMuIcWAwMBbQwAAWkDABhhBMm9s8Y8J88iOw9K3+u\/3AfajdDmrOpBOO7giMyfvSo5L\/76QGF2ZlvSm5\/aYk7PEkCLUKOwycUsoss4h\/BaMQU642JPmP9wHYeCTg+9d9CS\/+TR1nnQLnRts\/8c07kKowYBAQASdYRrtnQlQGsnr5R9dQPyOge8X+Ol+hFeyjDQ05ioqRL2NErNJ\/f\/5E2vi9SjcqwCh\/8Rvtgxf4MWxHT6e+W4J3MkugNzmGTmtOIZuWfKU069SGKwwFKpf99govz567LcYHAuM6Fcu8TDjaNFc\/xkEzhqjGXW0+ocq9JKdMBGLnb+ooYJ1j3Hn3gnd2wBcI5NVa+d6JU+S2SHRTFuxmt5wnEO8a6XCffR1RNI4YgkpUsYwj8KPa0\/FY2fsM0Y7aw00S1JBF0SQ1uMsB4H74MKpmQ1XhXANJp1eqsFjBJ8mFwjk1VcoRdvIoEIC3kt5cXRdjSemxw85wvfacyQB2pcFgMDAAQOAAAA"}
01150{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00429{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCRtXLmD\/oAQD+HSxwAAAQEICienUpoGP5Le"}
00648{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":359930,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMx8Tl2KDc3AG3ICABFAADSAABAAEAG923AqAGyUlEuDfF8KMsekCRtXLmD\/oAYEADMNQAAAQEICienUqQGP5LeFgMDAGYQAABiYQSZ4VMIFZunofNsZKskfH9CoUgEbmPZM0172VWSipLEiZJ8tBi\/dHcTG7RCWrNcz2\/AQcYpNTA8ndBbNxkUK+HcYMWAPwYzPIZ4h1KcmSlyEOlOUeciFUxTbOcYEEByNToUAwMAAQEWAwMAKFEeBZdZ7Ez9Dk9UFd\/JAeDaptobTxU9txDkeQwFw2\/S5DFGqpTkZnw="}
00763{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434000,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEm6FdAADQGGsJSUS4NwKgBsijL8XxcuYP+HpAlC4AYABGhyQAAAQEICgY\/kugnp1KkFgMDALoEAAC2AAABLACwZZ5ezzAqP9XZMgDoL75RZ9gKsZPtv3hFgtTFajzKS8k1\/xXE2UCuTttunJSuBdIuKnEN\/Z99ojHQB0lZwOl\/jM0gwh2EA\/I4zNTxQf7PJXpRHQf3ROtUVUwTQMijIEMa04osUwsU4WGHLeJX38Ov5jzlweBhxRbW+NGtPsf0oW7yQnCIs+4EBuGsjX4ef7FPEE4ombBosBmM3sxpznGrqFUZaO+DnJkmP0+l9yxH78cUAwMAAQEWAwMAKDjhilnLpQKXwZ7zjsk+KQxeJhW\/yKcV\/p5IeQ8pH8uqlOmBkLiZfsE="}
00430{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCULXLmE8IAQD\/jQwgAAAQEICienUu4GP5Lo"}
01148{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":863706,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAG9fnAqAGyUlEuDfF8KMsekCULXLmE8IAYEADC4AAAAQEICienVJcGP5LoFwMDAg1RHgWXWexM\/mIEDJ\/McXA79GaLqQ5pQt9rVkd6JDfUN4ZkXKSM5GEiQRpeNRfiTGywxAcOBrqBRZj1LP9N\/xr6kcPnz37IVvdng99Zu4qN0tu3JjAWqzlmGI8hL0h\/dF3ikHLYbqzz+5dpKPySqLIJXA2nqfQAyBQ6C78L+iHxvXCl7csbkhIKiJqyuobIhGViKzgc4Fz61jlXTZH5oUZlirB9FOYDKALeku3FV62alcW3sCkgk737CmTUeO1MDinSrEL0N1r84hQ68LeAyeYuDNJLdkvf9R8P0RWklgudkNlEIo3ijFTwEZeUrH1dKQI6FZvNSFNIrPAF6xijePjBkSU5r9TFijYT57lMN18yLTe+4Sb+ajDgAedyIH9R3zU09dyoMVoZbrKh0oPZQS1amJPq+cTaoweXsucOqHvJfib6fFONqLJqK1f+OjSvb9SKdsrmbV30wBxxh7RRNkQOvyVK2L+8kvnHlH7GU\/mRo3GXRpsHJ3nB3H+Z4Zlr1jfKiIhIQ+cC\/rGWj3sg1KazHr5l+rA8SAWkF6dHDkSndqtrQl9obY51F\/21FofIVg+RdqN+czJ2ToVOszESmLY9oYccQR+r1CfJCwu55ROBTq1M6E5\/2O7m1UwZ2WTFIAMVXKRbHfkuq7F4ixdDqxeVcKBZSjAIFXDlIuBm7GsV2+LccE0EHC+DBzSoYpw="}
01477{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929036,"pkt_caplen":841,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":841,"pkt_l4_len":807,"pkt":"KDc3AG3IEBMx8Tl2CABFAAM76FhAADQGGKxSUS4NwKgBsijL8XxcuYTwHpAnHYAYABJplAAAAQEICgY\/kxknp1SXFwMDAwI44YpZy6UCmGq90u0xpH+SWX7ArQhxGoFyYzhteRYnGGj9ujnorokis6dxlUOpBMe4Qi3frKXBnQ2KpQk9GehHhJQTecOvD8CrAxpffjF\/gLgBdNaNY4NyiIL0mrCmbImPw1uxfTGXZ2t6I8ey7fWkTARZnVFiEfNkCsuO5cKaJzkei+RcWDnnVeBmkbvxqX7105dP\/vY3dE2wX3mpkXVoDvUWoNh+u6NCMm2hIBt2LAvgDXKnZwIjOfAdJN09oXkHRVWoBuZOo8Iivm0wpzGFxAE34Lbr+07QO8zo3digkSQRyRGh1jAcbZmyz+KLsajqn5cJMrJ6cGelxe+64at6k+JhsvLAtS44wuQq4iHEICApXevboeLwC8SdmVvmPOgQltKq\/nJZxH3XvoS+glODB7fv6RToBwUwAoIZecZEK5G0YWjYDojAQyqq5PDO\/3SFaYROKelZ8uiwxbAULBSoySoVUXduAM7HzUtr88MCqzkaHA66OxXgxx8HKeqkcKMRE4+4x9TwonVpd6RtnDA32Sv12o5p2Vj1Kq6yLmDqFIbrRXCNwpKFGBt4614EYpFV\/7IMPwD7Ek529bOo5utyAyTDIuPeVPj8eE3\/5aZXX7lT+BTHbFHeoyHKzi90ZV3d7XR3BStzkMsOAgUl6cBHrTslMA23O9v7QOsh5ceDXHQdXs1knd7lOv59PDtRkOBkIwSw9HwS+OHlVx23Xve7ogGe4wURgOR0JbHbYEHQrln5RphPxuA3hOrY1MAmbhbmF4GQ\/NOozuXTa6n+9T8\/0+rpEVktCQdedJUq2XJHryBZtPgAbthRtBC8bLElx4RL3NiO1uWX9fFqLN1PdmZ+AJYrtLIthmsjj0m1gFKseBlPFSFAEkwvMIhl9+2ATIQEp54vUdZkExcDP0f311TzfETsG3588mXZfgOVKqUmf00CQTffPCZl7JdJJhOKuXjFIEk2ZYGcnrJdpksbC60cpzNeb9Rco0uXdabJQmqEJSCC6Wc1LHWeAOVd730yn1TEDw=="}
00429{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929134,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCcdXLmH94AQD+fJnwAAAQEICienVNgGP5MZ"}
00833{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067210,"pkt_ts_usec":13684,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFcAABAAEAG9uPAqAGyUlEuDfF8KMsekCcdXLmH94AYEACyHwAAAQEICienVSwGP5MZFwMDASNRHgWXWexM\/2AsPQ+vcQD6Zrq79uzdvo1W7uAfC\/k3Byxhuizp\/YGYPMVkseftaRj2FAH4N018E4DBa+lsL9iw+ZdF6EwUFEV9dU86dto3QLflhJd79EQEWry9hfEixzEL5qg3vL4B9+HG9XiwsmnlyQsXu3q4hobjm6f7dl\/tLVTXOm+RfKFkQWrOQos25nenEVSy7gEpcimMFjYLMFf151XwfwKy0jS3xvMmtVtqXEUQ5dljnoYADAHHgiQywX37bbFJuUorxqp2XW\/jSBpLjwzMpOBxWPCcYkSfX2DtP2ri+jJbddTED4521ycf1HWorm4iKnB5RUfnR5SfBytC10nISYiaI+Vactl9PdL8VSrK2LgqMTFYHb\/lL13xz7xgHZ4="}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2000/2000
~~ skipped flows.............: 0
~~ total layer4 data length..: 362931 bytes
~~ total detected protocols..: 5
~~ total active/idle flows...: 5/5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4935278 bytes
~~ total memory freed........: 4935278 bytes
~~ total allocations/frees...: 60397/60397
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~