path: root/test/results/malware.pcap.out
blob: 764cc6ec6253b088d87dfef46119f57b27353637 (plain)
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571466,"pkt_ts_usec":977364,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="}
00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571467,"pkt_ts_usec":1085,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"MFLLbJwbCGoKOl4eCABFAABgLqZAADcRSzYBAQEBwKgHBwA1pYIATEdsC6SBgAABAAEAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAHADAABAAEAAAABAARD11zSAAApBawAAAAAAAA="}
00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}}
00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571470,"pkt_ts_usec":672893,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571476,"pkt_ts_usec":362891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00849{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579408,"pkt_ts_usec":876326,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"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"}
00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
00466{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579409,"pkt_ts_usec":87861,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="}
00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569579416636,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":636584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"}
00422{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":828379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"}
00406{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":828406,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"}
01103{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":830077,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"CGoKOl4eMFLLbJwbCABFAAItxfBAAEAGCoLAqAcHQ9dc0omkAbvdSlrsHWnKP1AYAfZqeAAAFgMBAgABAAH8AwNiGwz6Nx6gZEkQ5mHfc0bz9cG8Q1IQ44DgAeGoVKlHzyC81+PdFDLSNn+Pdda1KG5hVhfTFmh4W9u7vJ1FmUKJWAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABwAGgAAF3d3dy5pbnRlcm5ldGJhZGd1eXMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACCsOS9UcRaQolAvHH2lkEhvl6dNSVE29u8oKtYL+CH9BQAXAEEEoQXtl8vTSjgX92dpSeeQSX7Rmu4m1tT+guDWflQ+qUwx5JY0QUT2kxtvCYRY4\/6+TGd5ECmhJM43gC52CQwAHQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00415{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":18328,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"MFLLbJwbCGoKOl4eCABFAAAoJgFAADgGtHZD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2ZSgAAAAAAAAAA"}
02366{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29746,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgJAADgGrsFD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2JzQAAFgMDAEECAAA9AwOa8CbmIYLLORDT1HMzSXUr5DAbh3ZNL4mtllETBChcZwDALwAAFf8BAAEAAAsABAMAAQIAIwAAAAUAABYDAxBECwAQQAAQPQALnzCCC5swggqDoAMCAQICEA2S4SYiNapCCj9kLK8AtiMwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMB4XDTE4MDQyNjAwMDAwMFoXDTIwMDcyOTAwMDAwMFowbDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFjAUBgNVBAoTDU9wZW5ETlMsIEluYy4xGDAWBgNVBAMTD2FwaS5vcGVuZG5zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFe5RV9FWMejiuAedy83bKi99wc6eVJ9gxWHVD6DIdnVp8uJu7ko4lNWSZSHFA7ddiZBBCoaZ0q2DItmdSWkLGzkVlKrtTmyErtja60BY0ZShOkFIw4L9o4rMYKFDihhYnoFEJoVjoU8NowIlgdVzWiSPijrpLUVEh15+lcIXjOSdpUg4wicB+v9Ja2+ONWEmrQ40RRZIfXJ+sHQa\/E81Ei38tQouzBEuMG12jhf0ZPpeAJ\/AzHsvcJkWY2Ng\/DTELFAM7s8ey4ciWPIb+bg\/i4tG7s\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"}
00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00406{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29778,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfFAAEAGDIbAqAcHQ9dc0omkAbvdSlzxHWnP81AQAfVocwAA"}
02380{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29821,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgNAADgGrsBD11zSwKgHBwG7iaQdac\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\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWMDXchzAAAEAwBGMEQCIFTwPSzquKFW5HUiYU\/zIQQmF\/0KBNbLEXmO85TgdtvgAiBfwZ3J3Dx8uTYNM0iOZnheXqrrgpCH+en\/keS7Yyf9KgB2AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABYwNdyhYAAAQDAEcwRQIhAP63AMWZiylpR0M0FjgAyqMe\/47i75E1\/S\/+0HOB2NjRAiBXMuVKKA3CIs0v+Fcmw5Zz\/6wZB1noI8dI6HMBp3SfqwB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABYwNdyTEAAAQDAEcwRQIhAL5iHDu\/wdgrlFN\/zFT9bEw9r6A790WGiSil4WTCVmMcAiBtjip5jRY9gF2T6URXMwNqAdeBp85T99iwK54Gbt9UawB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABYwNdy7cAAAQDAEcwRQIhAL0UgBpmLeXFVE50bIiMURcQnPF3CoOjw9SBs3\/C8fLjAiBjLnb\/fOEZz9WEQh1+78qFXx6KbWaNsClMaCQYoJPctDANBgkqhkiG9w0BAQsFAAOCAQEAMbeQT2gSGbVn\/wOJr1qt3QTHlj0vxjVefxCUz4xqMfjpsq5tPx29LFoKI8jsKX21paTfpgO0Y\/Xl4Op\/f\/WT4ghx2lE3CeIpkDlXLQATo0I+JWSgTHAArpnlVdWj7o0H8Egd\/GuA965Yv9qNv2FebG4mGH8="}
00406{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29833,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfJAAEAGDIXAqAcHQ9dc0omkAbvdSlzxHWnVp1AQAe1ocwAA"}
02381{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30048,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgRAADgGrr9D11zSwKgHBwG7iaQdadWn3Upc8VAQAO1JHAAARNk9pfZV7I9ElU6SgJxcRHIV94DjSSsWF9RsD5dj1oIWxXbkhtWnQPBZy1BIcYZnDWsisnzgGQ22qgarCJE\/kOuiC\/5jBgh1Q4zfFZk+fnJNhdRb5ktR\/b2Ak6V+ZhvK6coJ4A7Pg8iMpArwd99hSOWOTf45CCKbOkpX2VPk+Bxw1a7nHUsrEsR\/OXsABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\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\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAxOTA5MjcwMTQ5MjFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8="}
02277{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert 
Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
00407{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30065,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfNAAEAGDITAqAcHQ9dc0omkAbvdSlzxHWnbW1AQAeRocwAA"}
01340{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30085,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"pkt":"MFLLbJwbCGoKOl4eCABFAALaJgVAADgGscBD11zSwKgHBwG7iaQdadtb3Upc8VAYAO3\/JwAAKOeNRji0LOHG2eICEA2S4SYiNapCCj9kLK8AtiOAABgPMjAxOTA5MjcwMTQ5MjFaoBEYDzIwMTkxMDA0MDEwNDIxWjANBgkqhkiG9w0BAQsFAAOCAQEApK6VzrjK91yb6FSVVm\/UiXJhZYa5yYF3BuSeQy4KOiWGoHzO25yWIoH0FK9P35LE\/t9kBs308fazkHhWtvw0ptjB9WpU9h7Z8SbYGMMxTBrQlgXMmEoRkKC4Dlw9WibeiBgph1pcKmDhGh\/6CX6ihWDeoj97y9FDFgP5\/liK4YTZPFFbCLKVxDvBQBBvISewRGImfBRVHuLBKXdyPdUyZZVLGsmdDYkSxveMjpUUB6xcjhskcYbz\/v76DGJG9K78Y0zEbvabxUXt\/6owRMhGHY1G7DzmxHWKvoJicIr1cR2g2TOEd0M3i6XmKuTs82Pyq5VPdsIZiwBdFj3uG2OAVBYDAwFNDAABSQMAF0EEmXhvub5TWRGO0aD\/UlMVL8UfAIdaGsni5keBBubBLyToK6+HMpJvVJMQ+UAHWSWt7qidLl12hCiIPFACyk8GRQQBAQASEWa9eLfY+l9CyIYf6hqCgMSRiAQNOrOBxQI++JmYwD1J+UaeS7A7TFEqiaUs0V+DOiY4KZl3oR+KNU4rp7L7pK\/1LveAIsG2Tt+cVDnfumD7IiyIMhmt87tDeu53rFJPsxSMdfiATBKbvqstwTOoeYM9uqj3o4MAhKo4RPWoa3WQEeWoHPMk1C1JNhZPWsf7uPfdGJWSHNnbNpVvTnmDGdR1sr8nbiL8kDvwFAu+oyqas204\/SFrslbDoenktC2QTvSxmvwpF40+U+3enpiBCM5feYjRkV8TkMU60uxNEQlKCjWc4LTk245i7xa17NwolfS+w26sCo78oYa1VcqyFgMDAAQOAAAA"}
00407{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30097,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfRAAEAGDIPAqAcHQ9dc0omkAbvdSlzxHWneDVAQAd9ocwAA"}
00581{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":39098,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"CGoKOl4eMFLLbJwbCABFAACmxfVAAEAGDATAqAcHQ9dc0omkAbvdSlzxHWneDVAYAfVo8QAAFgMDAEYQAABCQQQXnDccjfVZWhqBUucdKddp1G59dDixN1oUPMNrwd\/5+g0DfHVKaOkM7PBEa\/PQ0DStvwqbgxEQhAx2pf\/kyEJVFAMDAAEBFgMDACgAAAAAAAAAAMBOO2LVRDZ5rUhBnMhKrHETxOl4WnHbkdoDiQqlhuRT"}
00451{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":39640,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"CGoKOl4eMFLLbJwbCABFAABHxfZAAEAGDGLAqAcHQ9dc0omkAbvdSl1vHWneDVAZAfVokgAAFQMDABoAAAAAAAAAARyktu6aPdJhbsX8oiEa2+1Qow=="}
00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test"}