aboutsummaryrefslogtreecommitdiff
path: root/test/results/pluralsight.pcap.out
blob: e4e975edd115a563ae1f933a06caa16c98a47c8d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pluralsight.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733}
00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="}
01227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373355952549,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5t1lAAEAGzOXAqAGANkW8EqaSAbs5mmmVfUDu04AYAfbrKAAAAQEICor4+pdSMR4HFgMBAgABAAH8AwM1jCFDKADpkwCWNDdgH\/adXVGzDgYuQsQMuim+6yCdjCAuElAWaAcNbYd22pDJpusrU2oMuj5gm\/t2Aky6e512VAAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABQAEgAAD3BsdXJhbHNpZ2h0LmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgy0tnman9YKIJBU2tFJ\/X+H4+8C285s8hNvU9rt60YmAALQACAQEAKwAHBgoKAwQDAwAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355952549,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139861,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373356139861,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355952549,"flow_dst_last_pkt_time":1648373356139971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5590,"midstream":0,"thread_ts_usec":1648373356139971,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.com","tls": {"version":"TLSv1.2","server_names":"*.pluralsight.com,pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=*.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"31:0B:3D:03:7A:6A:F8:86:8F:CE:62:30:E9:A2:F1:47:E5:6C:3D:F7"}}}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357854664,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357854664,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357854664,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tRVAAEAG8mLAqAGAkks+0KceAbt\/83TdAAAAAKAC+vCjygAAAgQFtAQCCAquLcooAAAAAAEDAwc="}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357861427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357861427,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357861427,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA85z1AAEAGwDrAqAGAkks+0KcmAbuYBq2TAAAAAKAC+vBS8wAAAgQFtAQCCAquLcouAAAAAAEDAwc="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357854664,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357870317,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7px6MpPZof\/N03qAS\/\/\/QggAAAgQFTAQCCApC6QiXri3KKAEDAwk="}
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357870481,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5tRdAAEAG8GPAqAGAkks+0KceAbt\/83TejKT2aYAYAfY+HwAAAQEICq4tyjdC6QiXFgMBAgABAAH8AwNByQDZoxI4dOK0Sqz8YqFtpt\/EgjJNogy+qC4qHtET5yBBjqjV\/zD\/ZZYcaXw3kK2L11Av5ASkLtB9CBYWZu3HRgAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAAABsAGQAAFnBsdXJhbHNpZ2h0Mi5pbWdpeC5uZXQAFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AICyryrnXcbLoAjfLxc89+emszCPBlJNQz9WtPrwFSKZoAC0AAgEBACsABwZ6egMEAwMAGwADAgACRGkABQADAmgySkoAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357870317,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357870481,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648373357861427,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373357879338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrniSSz7QwKgBgAG7pyYtR\/VLmAatlKAS\/\/8fEgAAAgQFTAQCCAr1hBcPri3KLgEDAwk="}
01226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373357879453,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI55z9AAEAGvjvAqAGAkks+0KcmAbuYBq2ULUf1TIAYAfb0QgAAAQEICq4tykD1hBcPFgMBAgABAAH8AwMVCkjcl1ldHYszMMhbvCrBmyAv89Ky2j4DTP7XcUyMOSBZfmcNBQmySrBYu\/Xc6jDaJEswZCfnt+SXnGDnGRc5VwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAAABoAGAAAFXBsdXJhbHNpZ2h0LmltZ2l4Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgibFRT+4ffFiWVzdt9+CHYgJvYueRYWReY4H44PP66lMALQACAQEAKwAHBurqAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357879338,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373357879453,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01256{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887214,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357887214,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01499{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357870481,"flow_dst_last_pkt_time":1648373357887226,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357887226,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight2.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}}}
01255{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1340,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01498{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357879453,"flow_dst_last_pkt_time":1648373357901597,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1648373357901597,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"pluralsight.imgix.net","tls": {"version":"TLSv1.2","server_names":"*.imgix.com,*.imgix.net,imgix.com,imgix.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.imgix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C6:A8:D1:F3:16:08:C6:7F:9F:58:B9:3B:87:A6:A1:75:BC:67:F8:8D"}}}
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358908144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358908144,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358908144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPxAAEAG95PAqAGAEsvJOKZ6AbsXjcxKAAAAAKAC+vDGJwAAAgQFtAQCCAq7LqF\/AAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648373358908144,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373358948816,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOUG948Sy8k4wKgBgAG7pnpgCgHJF43MS6ASaN+FjQAAAgQFtAQCCAqVXttnuy6hfwEDAwg="}
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1648373358949276,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pP5AAEAG9ZTAqAGAEsvJOKZ6AbsXjcxLYAoByoAYAfahVQAAAQEICrsuoaiVXttnFgMBAgABAAH8AwPQaIxCQafGfU7U68BjTWz12bgC7rPMRDrwBcYKkg2BtiCsXEdEYhfEEMAlvDmVmL\/9\/3dvAf\/ZUZkvazPc8sBEAwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAABgAFgAAE3N0dC5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIC1NIbYz00S\/PDWD2znXWT+4vqGbUzfdyPQt1wB6uPFJAC0AAgEBACsABwb6+gMEAwMAGwADAgACRGkABQADAmgyuroAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358948816,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373358949276,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01257{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358988767,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1648373358988767,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01541{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358949276,"flow_dst_last_pkt_time":1648373358992536,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4344,"midstream":0,"thread_ts_usec":1648373358992536,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"stt.pluralsight.com","tls": {"version":"TLSv1.2","server_names":"stt.pluralsight.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, CN=stt.pluralsight.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"C5:A3:DE:6D:71:B1:15:77:EC:86:38:E6:30:1C:F5:AC:18:9D:BE:82"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359576448,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359576448,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359576448,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TutAAEAGHxbAqAGAaBOif780Abvdb02GAAAAAKAC+vDHywAAAgQFtAQCCArb1PDNAAAAAAEDAwc="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359576448,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359597402,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGdQloE6J\/wKgBgAG7vzSUVFy03W9Nh4AS\/\/\/FjwAAAgQFeAEBBAIBAwMK"}
01211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359600685,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItTu1AAEAGHSPAqAGAaBOif780Abvdb02HlFRctVAYAfYwgAAAFgMBAgABAAH8AwOIgQTFWwPXqiGWcEl1+ZXYiujgmOb6nQAZYCe\/QQpLyiA8RROCb85LShovAJOvtUQPlP7tKhROlf321DTdV6NmHgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAAABgAFgAAE3d3dy5wbHVyYWxzaWdodC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIEbEu4abSNoKA92bDrKiGkIvMOu6w9kvXP7U129h\/FVaAC0AAgEBACsABwaamgMEAwMAGwADAgACRGkABQADAmgyGhoAAQAAFQDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359597402,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359600685,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359621466,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"www.pluralsight.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359646502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359646502,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373359646502,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8yIlAAEAGdgjAqAGAaBHR8K7iAbvIMdGjAAAAAKAC+vD8DgAAAgQFtAQCCArhZSj9AAAAAAEDAwc="}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648373359646502,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648373359662167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGRZpoEdHwwKgBgAG7ruI30m4VyDHRpIAS\/\/+CtAAAAgQFeAEBBAIBAwMK"}
01210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1648373359662306,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItyItAAEAGdBXAqAGAaBHR8K7iAbvIMdGkN9JuFlAYAfapQAAAFgMBAgABAAH8AwNnKyM21\/SbS3Q02cIKvbAgcmV67HQB0KXsoOxxl9v++yDRdtN3P07Qel84K9CWVDBxLwdJHbn9d9oomO2+9M0CRgAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAAAD4APAAAOXpuNnF6cTZjYWF1Y3VkZXNyLXBsdXJhbHNpZ2h0LnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgm5zCzvNJzsWd1VyD4DXwZiQmlSanX10JAobLY4rSfTUALQACAQEAKwAHBsrKAwQDAwAbAAMCAAJEaQAFAAMCaDJaWgABAAAVAJ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359662167,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373359662306,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
01259{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pluralsight","proto_id":"91.61","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}}
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359646502,"flow_src_last_pkt_time":1648373359662306,"flow_dst_last_pkt_time":1648373359681609,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.17.209.240","src_port":44770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373358908144,"flow_src_last_pkt_time":1648373358995982,"flow_dst_last_pkt_time":1648373359037654,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":4402,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.203.201.56","src_port":42618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648373359576448,"flow_src_last_pkt_time":1648373359600685,"flow_dst_last_pkt_time":1648373359621466,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.19.162.127","src_port":48948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"pluralsight.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1648373359681609}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 44/44
~~ skipped flows.............: 0
~~ total layer4 data length..: 26716 bytes
~~ total detected protocols..: 6
~~ total active/idle flows...: 6/6
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6480368 bytes
~~ total memory freed........: 6480368 bytes
~~ total allocations/frees...: 122591/122591
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 496 chars
~~ json string max len.......: 1604 chars
~~ json string avg len.......: 1049 chars
Powered by cgit, Themed by Ted Yin.