1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609756181300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":300869,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"}
00451{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671657,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"}
01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":681181,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGqFzAqAE8ag9ke9glAbsIXeEapWwtclAY\/\/+6nwAAFgMBAgABAAH8AwPaLdEq+3GSHdtF+4ttW9KB\/sTfZhziqSrMTPedTeLckgAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABwAGgAAF2JlYWNvbi1hcGkuYWxpeXVuY3MuY29tAAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACYAJAYBBgIGA+\/vBQEFAgUDBAEEAgQD7u7t7QMBAwIDAwIBAgICAzN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":32584,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAosodAACkGDtpqD2R7wKgBPAG72CWlbC1yCF3jH1AQHIRqpQAAAAAAAAAA"}
02370{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35428,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsohAACkGCS1qD2R7wKgBPAG72CWlbC1yCF3jH1AQHIScHwAAFgMDAGYCAABiAwNJG4xUCuaJD9t\/MpaNduncOH59x5uIxbalW8qat6w+NiCgetLVp\/s33qraCXEgez0aJJBWY\/R9dMTYW1HqAw1BA8ArAAAa\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIWAwMZuAsAGbQAGbEAFT4wghU6MIIUIqADAgECAgwc5mSsdn950NYZ2Y4wDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExPDA6BgNVBAMTM0dsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0EgLSBTSEEyNTYgLSBHMjAeFw0yMDExMjUxMDEyMDdaFw0yMTEyMjcxMDA2MDZaMHkxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVKaWFuZzERMA8GA1UEBxMISGFuZ1pob3UxLTArBgNVBAoTJEFsaWJhYmEgKENoaW5hKSBUZWNobm9sb2d5IENvLiwgTHRkLjEVMBMGA1UEAwwMKi5hbGl5dW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX8DOidQanu01bTZp2rxBuXR9dZJJRt7fHTflE7zGP\/bT84MkTATEhxOz3+NFOuva3vxRvYT\/N7t1iqLN\/cYtuqOCEp4wghKaMA4GA1UdDwEB\/wQEAwIDiDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5pemF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQICMAkGA1UdEwQCMAAwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMi5jcmwwgg\/OBgNVHREEgg\/FMIIPwYIMKi5hbGl5dW4uY29tghptYW5hZ2VyLmNoYW5uZWwuYWxpeXVuLmNvbYIQKi5hY2UuYWxpeXVuLmNvbYIbKi5hY3MtaW50ZXJuYWwuYWxpeXVuY3MuY29tghAqLmFjcy5hbGl5dW4uY29tghQqLmFpY3Jvd2QuYWxpeXVuLmNvbYIUKi5hbGliYWJhY2xvdWQuY28uaW6CEiouYWxpYmFiYWNsb3VkLmNvbYIVKi5hbGliYWJhY2xvdWQuY29tLmF1ghUqLmFsaWJhYmFjbG91ZC5jb20uaGuCFSouYWxpYmFiYWNsb3VkLmNvbS5teYIVKi5hbGliYWJhY2xvdWQuY29tLnNnghUqLmFsaWJhYmFjbG91ZC5jb20udHeCDCouYWxpY2RuLmNvbYIOKi5hbGljbG91ZC5jb22CFSouYWxpZ3JvdXAuYWxpeXVuLmNvbYIMKi5hbGltZWkuY29tghIqLmFsaW5rLmFsaXl1bi5jb22CFCouYWxpb3MuYWxpeXVuY3MuY29tgg0qLmFsaXBsdXMuY29tghUqLmFsaXRyYW54LmFsaXl1bi5jb22CFiouYWxpeXVuLWlvdC1zaGFyZS5jb22CDiouYWxpeXVuY3MuY29tggoqLmFseW1zLmNugh0qLmFwLW5vcnRoZWFzdC0xLmFsaXl1bmNzLmNvbYIZKi5hcC1zb3V0aC0xLmFsaXl1bmNzLmNvbYIdKi5hcC1zb3V0aGVhc3Qt"}
00803{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02360{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35504,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsolAACkGCSxqD2R7wKgBPAG72CWlbDMeCF3jH1AQHISyVgAAMS5hbGl5dW5jcy5jb22CHSouYXAtc291dGhlYXN0LTIuYWxpeXVuY3MuY29tgh0qLmFwLXNvdXRoZWFzdC0zLmFsaXl1bmNzLmNvbYIdKi5hcC1zb3V0aGVhc3QtNS5hbGl5dW5jcy5jb22CECouYXBpLmFsaXl1bi5jb22CECouYXBtLmFsaXl1bi5jb22CECouYXBwLmFsaXl1bi5jb22CDCouYXNtbGluay5jboIUKi5iYW5tYS5hbGl5dW5jcy5jb22CFyouYmFzZS5zaHVqdS5hbGl5dW4uY29tgg8qLmJpLmFsaXl1bi5jb22CECouYml6LmFsaXl1bi5jb22CEyouYnJpZGdlLmFsaXl1bi5jb22CEiouY2NjLmFsaXl1bmNzLmNvbYITKi5jZW50ZXIuYWxpeXVuLmNvbYIWKi5jaXR5YnJhaW4uYWxpeXVuLmNvbYIVKi5jbG91ZGFwcC5hbGl5dW4uY29tgg8qLmNsb3VkZWFnbGUuY26CFiouY2xvdWRnYW1lLmFsaXl1bi5jb22CGSouY24tYmVpamluZy5hbGl5dW5jcy5jb22CGSouY24tY2hlbmdkdS5hbGl5dW5jcy5jb22CGSouY24tZ3VpemhvdS5hbGl5dW5jcy5jb22CGSouY24taGFpZGlhbi5hbGl5dW5jcy5jb22CIiouY24taGFuZ3pob3UtZmluYW5jZS5hbGl5dW5jcy5jb22CGiouY24taGFuZ3pob3UuYWxpeXVuY3MuY29tghoqLmNuLWhvbmdrb25nLmFsaXl1bmNzLmNvbYIbKi5jbi1odWhlaGFvdGUuYWxpeXVuY3MuY29tghkqLmNuLW5pbmd4aWEuYWxpeXVuY3MuY29tgh8qLmNuLW5vcnRoLTItZ292LTEuYWxpeXVuY3MuY29tgiAqLmNuLXFpbmdkYW8tbmVidWxhLmFsaXl1bmNzLmNvbYIZKi5jbi1xaW5nZGFvLmFsaXl1bmNzLmNvbYIkKi5jbi1zaGFuZ2hhaS1maW5hbmNlLTEuYWxpeXVuY3MuY29tghgqLmNuLXNoYW5naGFpLmFsaXl1bi5jb22CGiouY24tc2hhbmdoYWkuYWxpeXVuY3MuY29tgiUqLmNuLXNoZW56aGVuLWNsb3Vkc3RvbmUuYWxpeXVuY3MuY29tgiQqLmNuLXNoZW56aGVuLWZpbmFuY2UtMS5hbGl5dW5jcy5jb22CGiouY24tc2hlbnpoZW4uYWxpeXVuY3MuY29tghkqLmNuLXNpY2h1YW4uYWxpeXVuY3MuY29tgh0qLmNuLXpoYW5namlha291LmFsaXl1bmNzLmNvbYIUKi5jb25uZWN0LmFsaXl1bi5jb22CGiouY29uc29sZS5hbGliYWJhY2xvdWQuY29tghYqLmNvbnNvbGUuYWxpY2xvdWQuY29tghQqLmNvbnNvbGUuYWxpeXVuLmNvbYIPKi5jcy5hbGl5dW4uY29tghcqLmNzY2hhdC1jY3MuYWxpeXVuLmNvbYIRKi5kYXRhLmFsaXl1bi5jb22CFCouZGF0YWFwaS5hbGl5dW4uY29tghQqLmRhdGFxLmFsaXl1bmNzLmNvbYISKi5kYXRhdi5hbGl5dW4uY29tghQqLmRhdGF2LmFsaXl1bmNzLmNvbYIUKi5kZXZsb3BzLmFsaXl1bi5jb22CEyouZGV2b3BzLmFsaXl1bi5jb22CESouZGl0dS5hbGl5dW4uY29tghMqLmRvbWFpbi5hbGl5dW4uY29tghIqLmR5aW90LmFsaXl1bi5jb22CECouZWJzLmFsaXl1bi5jb22CESouZW1hcy5hbGl5dW4uY29tghAqLmVtci5hbGl5dW4uY29tghcqLmVudGVycHJpc2UuYWxpeXVuLmNvbYIQKi5lbnYuYWxpeXVu"}
02360{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35574,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsopAACkGCStqD2R7wKgBPAG72CWlbDjKCF3jH1AQHIQzGQAALmNvbYIYKi5ldC1pbmR1c3RyeS5hbGl5dW4uY29tghsqLmV1LWNlbnRyYWwtMS5hbGl5dW5jcy5jb22CGCouZXUtd2VzdC0xLmFsaXl1bmNzLmNvbYIPKi5mYy5hbGl5dW4uY29tgh0qLmZlZWRiYWNrLmNvbnNvbGUuYWxpeXVuLmNvbYISKi5ndHMteC5hbGl5dW4uY29tghAqLmd0cy5hbGl5dW4uY29tghUqLmhlbHAtY2NzLmFsaXl1bi5jb22CDSouaWFsaWNkbi5jb22CGCouaW4tbXVtYmFpLmFsaXl1bmNzLmNvbYIQKi5pb3QuYWxpeXVuLmNvbYIXKi5qcC1mdWRhby5hbGl5dW5jcy5jb22CFyoubGlua2VkbWFsbC5hbGl5dW4uY29tghQqLmxpbmt3YW4uYWxpeXVuLmNvbYITKi5saXZpbmcuYWxpeXVuLmNvbYISKi5sdWJhbi5hbGl5dW4uY29tgg4qLm0uYWxpeXVuLmNvbYITKi5tYXJrZXQuYWxpeXVuLmNvbYIXKi5tYXhjb21wdXRlLmFsaXl1bi5jb22CGCoubWUtZWFzdC0xLmFsaXl1bmNzLmNvbYISKi5tZWRpYS5hbGl5dW4uY29tghoqLm1pY3JvZGluZ3RhbGsuYWxpeXVuLmNvbYIQKi5taXQuYWxpeXVuLmNvbYITKi5tb2JpbGUuYWxpeXVuLmNvbYIRKi5tc2VhLmFsaXl1bi5jb22CECoubXRzLmFsaXl1bi5jb22CECoubXZwLmFsaXl1bi5jb22CEyoubmVidWxhLmFsaXl1bi5jb22CEioubmxzLmFsaXl1bmNzLmNvbYIRKi5vZHBzLmFsaXl1bi5jb22CECoub25zLmFsaXl1bi5jb22CECoub3NlLmFsaXl1bi5jb22CFSoucGFpLmRhdGEuYWxpeXVuLmNvbYIeKi5wY3MtZ3ctY24tYmVpamluZy5hbGl5dW4uY29tgh8qLnBjcy1ndy1jbi1zaGFuZ2hhaS5hbGl5dW4uY29tgg0qLnBocHdpbmQuY29tgg0qLnBocHdpbmQubmV0ghwqLnByZS1zZy1wdXJjaGFzZS5hbGl5dW4uY29tghMqLnByZXB1Yi5hbGl5dW4uY29tghsqLnByb2R1Y3QuY2VudGVyLmFsaXl1bi5jb22CECoucHRzLmFsaXl1bi5jb22CIiouci1hcHAtY24tYmVpamluZy1kYXRhLmFsaXl1bi5jb22CIyouci1hcHAtY24taGFuZ3pob3UtZGF0YS5hbGl5dW4uY29tgiMqLnItYXBwLWNuLXNoZW56aGVuLWRhdGEuYWxpeXVuLmNvbYIXKi5yLWFwcC1kYXRhLmFsaXl1bi5jb22CECoucmRjLmFsaXl1bi5jb22CECoucmRzLmFsaXl1bi5jb22CESoucmVpZC5hbGl5dW4uY29tghYqLnNjLWNtZGIuYWxpeXVuY3MuY29tghEqLnNjc3AuYWxpeXVuLmNvbYIRKi5zZy5hbGl5dW5jcy5jb22CEiouc2h1anUuYWxpeXVuLmNvbYISKi5zbWFydC5hbGl5dW4uY29tghAqLnNvYy5hbGl5dW4uY29tghIqLnNvYy5hbGl5dW5jcy5jb22CDyouc3BhcmVub2RlLmNvbYILKi5zdXBldC5jb22CCioudGJ1cmwuaW6CECoudGVhbWJpdGlvbi5jb22CECoudGVhbWJpdGlvbi5uZXSCFCoudGVhbWJpdGlvbmFwaXMuY29tghQqLnRpYW5jaGkuYWxpeXVuLmNvbYIUKi50b29sa2l0LmFsaXl1bi5jb22CDyoudHYuYWxpeXVuLmNvbYIaKi50dy1nYW94aW9uZy5hbGl5dW5jcy5jb22CGCoudXMtZWFzdC0xLmFsaXl1bmNzLmNv"}
00420{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWw4ylAQ\/\/970QAA"}
02370{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35697,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsotAACkGCSpqD2R7wKgBPAG72CWlbD52CF3jH1AQHISgZgAAbYIYKi51cy13ZXN0LTEuYWxpeXVuY3MuY29tghMqLndlYmlkZS5hbGl5dW4uY29tghIqLnl1bnR1LmFsaXl1bi5jb22CEmFjY291bnQud3d3Lm5ldC5jboISYWxpYmFiYWNsb3VkLmNvLmlughBhbGliYWJhY2xvdWQuY29tghNhbGliYWJhY2xvdWQuY29tLmF1ghNhbGliYWJhY2xvdWQuY29tLmhrghNhbGliYWJhY2xvdWQuY29tLm15ghNhbGliYWJhY2xvdWQuY29tLnNnghNhbGliYWJhY2xvdWQuY29tLnR3ggphbGljZG4uY29tggxhbGljbG91ZC5jb22CCmFsaW1laS5jb22CFGFsaXl1bi1pb3Qtc2hhcmUuY29tggxhbGl5dW5jcy5jb22CDWRjLnd3dy5uZXQuY26CDmRtcC53d3cubmV0LmNugg5kbnMud3d3Lm5ldC5jboIQcGFuZGEud3d3Lm5ldC5jboITcGFuZGF2aXAud3d3Lm5ldC5jboILcGhwd2luZC5jb22CC3BocHdpbmQubmV0ggxzY2RucGhpNi5jb22CDXNwYXJlbm9kZS5jb22CCXN1cGV0LmNvbYIIdGJ1cmwuaW6CDnRlYW1iaXRpb24uY29tgg50ZWFtYml0aW9uLm5ldIISdGVhbWJpdGlvbmFwaXMuY29tghJ0aWFuY2hpLWdsb2JhbC5jb22CEHdob2lzLnd3dy5uZXQuY26CCmFsaXl1bi5jb20wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MB0GA1UdDgQWBBS1rMccry6USHZgDo7Wjgdj5z3EHzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABdf7jnGIAAAQDAEYwRAIgb6RcZA8xurHDVBi7zHLW5fKk76P8WvRINl7DZMhJNA0CIC6ZLUg8oBD52LdtCamtIOPfVrJh85neJA9P\/iS5nDLvAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1\/uOfNwAABAMASDBGAiEAkvtjq2hkFY7U9xUn1jC5F5+3yd7QS9qssGn+05rbopkCIQDA7JaNItVj9eImcEl5yUAAEz+onEzzy+WlkDCVmyNMyzANBgkqhkiG9w0BAQsFAAOCAQEAkEFhPNKObcW9LPG0yDs227Vyth35HCLU63SLgeernqxxa1xcRfq8Q3wuR0uG0KVHMCEIOplP+9gs+egMTIKU+5GiKwYRphnJcWZbVAaAe2CnwerfXL+i39lZGil5aDrNQqNOQHvr0GtdbOAseYPgn8fUifvdlA8Up8umCjq\/g\/cb4cAhrrrTGjUmRuZnEO\/EuZlZoNZCrHxSuqUwqwzZb4KUmt3ufIM9qAtcOxD9x3+xjHtyJ+zJpXe6WFCIJwZs1ogu9opZIP1K9AFA\/C7BaXx8A48iuzemFveUdHe0kJG3dQZBdiUGjywqTARxqV3MlgWOMcCjfPSw\/0MJ8xJCOgAEbTCCBGkwggNRoAMCAQICCwQAAAAAAURO8EJHMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTQwMjIwMTAwMDAwWhcNMjQwMjIwMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRh"}
00422{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWxEIlAQ\/\/9weQAA"}
01837{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35821,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"KDc3AG3IEBMx8Tl2CABFAARCsoxAACkGCrtqD2R7wKgBPAG72CWlbEQiCF3jH1AYHIQyjQAAdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127\/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR\/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4\/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBJTCCASEwDgYDVR0PAQH\/BAQDAgEGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMA0GCSqGSIb3DQEBCwUAA4IBAQBGKu5eva4BYDcxEYZxdLZGScgQFv4vYiMXqx+H+ILtyt8OLN9kdY7lGHKnjDqLyayld1D3756k4KCPFFejKl\/sfm0Q5rqNsAiHdg5MstlRuxEC8lzdHL3zVZYP1AbA\/OIjiiRw07vweRqnYXCDiq8GxSDYoWPQbK5PMteufBhFdQUpd99CQGRkhr4qdgkxbx0k9JnQhf7yIQj5xvbx0Fnt1lY8CCgDZ7rw+fGQFkeuZ+a8gEjpQnY0l1VpJA6D1qAttPXzeYpJKHQaQaHC0ySINTBglBe04QQiMT07LxcGsridhitaae+D9UvEqrQq+HyhsYWUjPQMhwz0rED4WUmYFgMDAJQMAACQAwAXQQQHBay7E+l5uDF6vN0dNLfHZ3XFe8J1r8409dB6E5YGVhU9B+hLA4Y34U3QyAAeGWQ1RguC3GcZ8MZf0+Ru71\/JBAMARzBFAiAgyGq4ahdxqLGVDNRsFNBgOBB+olXEjHLxrojVx2ay6wIhAOyZtyRBCq\/VlL8q4e2g98hxlplagBQF4DnrtMUJaXs6FgMDAAQOAAAA"}
04940{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","issuerDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}
00422{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35862,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWxIPFAQ\/\/9sXwAA"}
01837{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":43894,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"KDc3AG3IEBMx8Tl2CABFAARCso1AACkGCrpqD2R7wKgBPAG72CWlbEQiCF3jH1AYHIQyjQAAdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127\/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR\/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4\/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBJTCCASEwDgYDVR0PAQH\/BAQDAgEGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMA0GCSqGSIb3DQEBCwUAA4IBAQBGKu5eva4BYDcxEYZxdLZGScgQFv4vYiMXqx+H+ILtyt8OLN9kdY7lGHKnjDqLyayld1D3756k4KCPFFejKl\/sfm0Q5rqNsAiHdg5MstlRuxEC8lzdHL3zVZYP1AbA\/OIjiiRw07vweRqnYXCDiq8GxSDYoWPQbK5PMteufBhFdQUpd99CQGRkhr4qdgkxbx0k9JnQhf7yIQj5xvbx0Fnt1lY8CCgDZ7rw+fGQFkeuZ+a8gEjpQnY0l1VpJA6D1qAttPXzeYpJKHQaQaHC0ySINTBglBe04QQiMT07LxcGsridhitaae+D9UvEqrQq+HyhsYWUjPQMhwz0rED4WUmYFgMDAJQMAACQAwAXQQQHBay7E+l5uDF6vN0dNLfHZ3XFe8J1r8409dB6E5YGVhU9B+hLA4Y34U3QyAAeGWQ1RguC3GcZ8MZf0+Ru71\/JBAMARzBFAiAgyGq4ahdxqLGVDNRsFNBgOBB+olXEjHLxrojVx2ay6wIhAOyZtyRBCq\/VlL8q4e2g98hxlplagBQF4DnrtMUJaXs6FgMDAAQOAAAA"}
00438{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":43951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqlXAqAE8ag9ke9glAbsIXeMfpWxIPIAQ\/\/9fEAAAAQEFCqVsRCKlbEg8"}
00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test"}
|