1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
|
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sites.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595957694169}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595957694169,"flow_last_seen":1595957694169,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595957694169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595957694169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694169,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595957694175,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1595957694175,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="}
00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595957694181,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_msec":1595957694181,"pkt":"CL6sCxdumt9Y+uvcCABFAAGx6wtAAEAGQSrAqAypRav6FLRQAbvxSUO5zAVCI4AYAKzC2gAAAQEICncIYAWwcikLFgMBAXgBAAF0AwMbz\/EVbbBeXTFd91pcxBNP5UcnCfq3Wnx+FKK431A8vCCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unAAGEwETAhMDAQABJQArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgzM0Khe3cuLbHFAoUoUQ75VluiC+bl0wBHYa7GiFLSWoADQAGAAQEAwgEAAAAGwAZAAAWZWRnZS1tcXR0LmZhY2Vib29rLmNvbQAQAAsACQJoMgVoMi1mYgAtAAMCAQAAKgAAACkAoQB8AHb7PHlIDGTq5r6EmcaA47DeHw9k60TmJpJ4kMbWc07CmAAAAACvwY+4+cqVZO3LiyMH\/OBKqYTgxknPoune8SSx08gYUQ5v8dX54IHzjPiACk0t5hhgO+DjiFkUqTNKryO5SnHrNvAKz6QqOMdma4t912EvXAHgfFvQwwAhIFgFM36LO5BemV+W466ubu2dweNDP\/fyvoT9kq0FWNy9"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1595957694169,"flow_last_seen":1595957694181,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1595957694181,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1595957694188,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"edge-mqtt.facebook.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1623221441867}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221441867,"flow_last_seen":1623221441867,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221441867,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623221441867,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441867,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623221441879,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623221441879,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1623221441880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623221441880,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA0opVAAEAGGa\/AqAH6XHpfY6OWAbs7TQBbgC6IS4AQAKwLVQAAAQEICqp14Xweqlgs"}
00916{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221441867,"flow_last_seen":1623221441893,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623221441893,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623221441867,"flow_last_seen":1623221441911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623221441911,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"vcs-va.tiktokv.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1595957694169,"flow_last_seen":1595957694188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":597,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1623221442073,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Messenger","breed":"Acceptable","category":"Chat"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-data-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1623222051753}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222051753,"flow_last_seen":1623222051753,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222051753,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623222051753,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051753,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623222051852,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623222051852,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1623222051853,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623222051853,"pkt":"pJGxgjQ56CrqthSFCABFAAAoYDhAAIAGW+HAqAHjNElH4sOXAbv6yL59M8\/su1AQAgHP+AAAAAAAAAAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623222051753,"flow_last_seen":1623222051854,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623222051854,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01192{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1623222051753,"flow_last_seen":1623222051957,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5798,"flow_avg_l4_payload_len":644,"midstream":0,"thread_ts_msec":1623222051957,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.fuze.com","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623221441867,"flow_last_seen":1623221458497,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8498,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1623222052202,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.TikTok","breed":"Fun","category":"SocialNetwork"}}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-data-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_msec":1623223595952}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623223595952,"flow_last_seen":1623223595952,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623223595952,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1623223595952,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595952,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1623223595999,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623223595999,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1623223596002,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623223596002,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0ZBlAAEAGCezAqAGAW8au0MW8AbvaIBcIazbbIYAQAfbJTQAAAQEICrzqTwcXn7ww"}
00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223595952,"flow_last_seen":1623223596004,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1623223596004,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1623223595952,"flow_last_seen":1623223596052,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1623223596052,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"upload.wikimedia.org","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1623222051753,"flow_last_seen":1623222112185,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8780,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1623223596203,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Fuze","breed":"Acceptable","category":"VoIP"}}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-data-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1623226283573}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226283573,"flow_last_seen":1623226283573,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226283573,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1623226283573,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1623226283573,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1623226283601,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623226283601,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1623226283602,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1623226283602,"pkt":"pJGxgjQ5AoEfHBPlCABFAAAoM5VAAEAGJhPAqAH6LVLxM5vSAFAXgCu\/zSJnPlAQAKy6PQAAAAAAAAAA"}
00823{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226283573,"flow_last_seen":1623226283612,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1623226283612,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"videosnap.like.video","url":"videosnap.like.video\/eu_live\/5uz\/1YOmxT.webp?type=8&resize=1&dw=360","code":0,"content_type":"","user_agent":"Like-Android"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1623223595952,"flow_last_seen":1623223766553,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17734,"flow_avg_l4_payload_len":341,"midstream":0,"thread_ts_msec":1623226286427,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Wikipedia","breed":"Safe","category":"Web"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-data-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1631088115362}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631088115362,"flow_last_seen":1631088115362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631088115362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1631088115362,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115362,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631088115376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631088115376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0aypAAEAG8xvAqAGAx+hSbbaEAbsR7WheP63b+4AQAfbzyQAAAQEICrMt1zdg6mr7"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631088115362,"flow_last_seen":1631088115376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631088115376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":1861,"flow_avg_l4_payload_len":310,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01185{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1631088115362,"flow_last_seen":1631088115392,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":4549,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1631088115392,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"f.vimeocdn.com","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":112,"flow_first_seen":1623226283573,"flow_last_seen":1623226466507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":72441,"flow_avg_l4_payload_len":646,"midstream":0,"thread_ts_msec":1631088115406,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Likee","breed":"Fun","category":"SocialNetwork"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-data-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1637349011376}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637349011376,"flow_last_seen":1637349011376,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637349011376,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1637349011376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011376,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1637349011393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637349011393,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1637349011393,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1637349011393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0TGNAAEAGkyvAqAGAj8wJQb8WAbs5hVBWtnYCioAQABDE0gAAAQEICgd+YL3IQyJ4"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637349011376,"flow_last_seen":1637349011396,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":86,"midstream":0,"thread_ts_msec":1637349011396,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637349011376,"flow_last_seen":1637349011405,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1637349011405,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"prod-static.disney-plus.net","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1631088115362,"flow_last_seen":1631088168165,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1344,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":224,"midstream":0,"thread_ts_msec":1637349011425,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vimeo","breed":"Fun","category":"Streaming"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-data-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1642584017659}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642584017659,"flow_last_seen":1642584017659,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642584017659,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1642584017659,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017659,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1642584017680,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642584017680,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1642584017681,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1642584017681,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0EtJAAEAG20HAqAypFwxoU5lQAbvzO0RGdZ0\/G4AQAKwfuAAAAQEIClhVhhew3vMW"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1642584017659,"flow_last_seen":1642584017683,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1642584017683,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1642584017659,"flow_last_seen":1642584017706,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1642584017706,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"api.accuweather.com","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1637349011376,"flow_last_seen":1637349011425,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":7767,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1642584019409,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DisneyPlus","breed":"Fun","category":"Streaming"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-data-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1643355518166}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02141{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1643355518166,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_msec":1643355518166,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"},"quic": {"client_requested_server_name":"classroom.google.com","user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3","ja3":"a27a03a8478393fe7f8958648bb71ff4","tls_supported_versions":"TLSv1.3"}}
00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1642584017659,"flow_last_seen":1642584019409,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6590,"flow_avg_l4_payload_len":219,"midstream":0,"thread_ts_msec":1643355518166,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AccuWeather","breed":"Fun","category":"Web"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":1646482623895}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482623895,"flow_last_seen":1646482623895,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482623895,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1646482623895,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482623895,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1646482623937,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482623937,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"}
01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1646482623941,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482623941,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItU5lAAEAGv7vAqAGAH95DcIjuAbuZU7+6Uh0W31AYAfZFAQAAFgMBAgABAAH8AwM7S+zQhzGHYgeM16HLoV5Lvv0qFp3\/Q9lLhcf6NGzgACCV4MycI1TbPUTQp0gTtBJdGxhCWPX0NxBb4Keh1UEhIQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuYmFkb28uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIDy\/wV7uHvn89KVxoNawBj6O\/1N7J\/Rv6ROuT\/L2i752ABcAQQR8rtiFUa3yYRs4u6Ro\/84M9BXHGtIJp6HdzCSQRE\/jjRMPOqb5+WU5M\/Rwa3rXtSAPp6MS0Mul28MptoKZ2BK0ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482623895,"flow_last_seen":1646482623941,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482623941,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.badoo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643355518166,"flow_last_seen":1643355518166,"flow_idle_time":200000,"flow_min_l4_payload_len":1250,"flow_max_l4_payload_len":1250,"flow_tot_l4_payload_len":1250,"flow_avg_l4_payload_len":1250,"midstream":0,"thread_ts_msec":1646482623982,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleClassroom","breed":"Safe","category":"Collaborative"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482634412,"flow_last_seen":1646482634412,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482634412,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1646482634412,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482634412,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ehBAAEAGVvPAqAGArEH7TtLuAburPYAuAAAAAKAC+vCVcQAAAgQFtAQCCAoaoTMuAAAAAAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1646482634431,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482634431,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkG2AusQftOwKgBgAG70u5kgyMxqz2AL4AS\/\/99tgAAAgQFeAEBBAIBAwMK"}
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1646482634434,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482634434,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItehJAAEAGVQDAqAGArEH7TtLuAburPYAvZIMjMlAYAfajwgAAFgMBAgABAAH8AwNOB4Gzi6+YArAvzkfwrorK9DEddM7BFl3e3mWx5EKfGSCorzDjbh21t2eWZKubSdOdkcLfUyHi+FUzEXYnC03sBQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA53d3cuZ2l0bGFiLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACA5FC8LVJQpX7CGnPMJyGCVSqmP\/UlOQqTKt4aSCzonPAAXAEEEf41WX9lKjs6LoM+3mxjeublwFG7G1\/kkw4gmsHPLzdToe\/hXlsiK3SyaMLeOC3M5q1ZNvI72xevTMYH\/wlBkVwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482634412,"flow_last_seen":1646482634434,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482634434,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482634459,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gitlab.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482646628,"flow_last_seen":1646482646628,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482646628,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1646482646628,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646628,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8eQxAAEAGb\/bAqAGAAhGNgKZUAbv+Ru5OAAAAAKAC+vDfwAAAAgQFtAQCCAp7uQs2AAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1646482646646,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482646646,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8QICEY2AwKgBgAG7plR0ThXR\/kbuT6AS\/oh2XAAAAgQFtAQCCAqpkTIKe7kLNgEDAwc="}
01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1646482646648,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482646648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5eQ5AAEAGbffAqAGAAhGNgKZUAbv+Ru5PdE4V0oAYAfbaKAAAAQEICnu5C0qpkTIKFgMBAgABAAH8AwMSh5Kk8yD8gdWVB2YFzzg9KRBCWJ\/pzlApBrokxgf2OCBs84UpHDw4uY4jKpCVZJzZAhJUrEs0AlJ7gTtfJSwiWgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cuYWN0aXZpc2lvbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg40qefHDImQJEkibGm9hnpGwl44lKo4KOQS8qsLRSATsAFwBBBPNBVrG5A+ZLqrow1aQOaEgsW+53RcPAplpAt8ULtljoAJH8CjL7YTSZ+PIOiRhMhirRlex47cXc5PiOAFYE9T0AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482646628,"flow_last_seen":1646482646648,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482646648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482646628,"flow_last_seen":1646482646665,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482646665,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482646628,"flow_last_seen":1646482646669,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5461,"flow_avg_l4_payload_len":780,"midstream":0,"thread_ts_msec":1646482646669,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.activision.com","server_names":"www.benefitsforeveryworld.com,worldseriesofwarzone.com,treyarch.com,toysforbob.com,spyrothedragon.com,sledgehammergames.com,skylanders.com,sierragames.com,sekirothegame.com,ravensoftware.com,preview.demonware.net,infinityward.com,highmoonstudios.com,highmoon.com,guitarhero.com,europeanwarzoneseries.com,demonware.net,crashbandicoot.com,cdn.gh5.ps3.guitarhero.com,callofdutyleague.com,callofdutyendowment.org,callofdutyendowment.com,callofduty.com,benefitsforeveryworld.com,activisionretail.com,activisionblizzardmedia.com,activisionblizzard.com,activision.com,*.worldseriesofwarzone.com,*.treyarch.com,*.toysforbob.com,*.support.activision.com,*.spyrothedragon.com,*.sledgehammergames.com,*.skylanders.com,*.sierragames.com,*.sekirothegame.com,*.ravensoftware.com,*.infinityward.com,*.highmoonstudios.com,*.highmoon.com,*.guitarhero.com,*.europeanwarzoneseries.com,*.demonware.net,*.crashbandicoot.com,*.callofdutyleague.com,*.callofdutyendowment.org,*.callofdutyendowment.com,*.callofduty.com,*.activisionretail.com,*.activisionblizzardmedia.com,*.activisionblizzard.com,*.activision.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Santa Monica, O=Activision Publishing, Inc., CN=activision.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"F7:39:B4:E7:27:83:D4:55:8B:13:77:16:D5:8A:3E:77:FB:2A:4F:41"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482659915,"flow_last_seen":1646482659915,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482659915,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1646482659915,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659915,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NwhAAEAGcJnAqAGAkks+p7QEAbuPD+ThAAAAAKAC+vAn\/AAAAgQFtAQCCAp9leqxAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1646482659944,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482659944,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGrqGSSz6nwKgBgAG7tAQzgGmMjw\/k4qAS\/\/\/dhgAAAgQFTAQCCAr4JbCIfZXqsQEDAwk="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1646482659945,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482659945,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5NwpAAEAGbprAqAGAkks+p7QEAbuPD+TiM4BpjYAYAfarGwAAAQEICn2V6s\/4JbCIFgMBAgABAAH8AwPVHsjDDxZ0MEuPnh4mVZQrYKtXYBQ9pfekL0WuWf4AwyAvTRXY5\/1xoex7GTddskZx0XzTM0eEKSDE8zjmPz09AAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1ncWwudHdpdGNoLnR2ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AICTuPjjZ\/cozh9y3b4u57OZ+NqRixmrA1oX4LnqMFUIxABcAQQTtWijAm0UTGHfpz\/ha9z62jseAV4wQoU798kRZvjxGrgocjEiYQtFtFEOacmIDo8c6dP4orndC+2JQqffkv\/gjACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482659915,"flow_last_seen":1646482659945,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482659945,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482659961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gql.twitch.tv","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482686914,"flow_last_seen":1646482686914,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482686914,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1646482686914,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482686914,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8RWlAAEAGOjfAqAGA0FUonrNwAFCsdkxQAAAAAKAC+vAqmQAAAgQFtAQCCArNau1nAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482687080,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8\/\/dAAPAGz6fQVSiewKgBgABQs3Db1RKprHZMUaASOQif4AAAAgQFtAEDAwAEAggKWgQEFM1q7Wc="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482724450,"flow_last_seen":1646482724450,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482724450,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1646482724450,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724450,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sa9AAEAG8DvAqAGAEkLEZspeAbv+oP0DAAAAAKAC+vBIlQAAAgQFtAQCCAqQpxNDAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1646482724458,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482724458,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8e2QAAPYGsIYSQsRmwKgBgAG7yl4LcBoC\/qD9BKAS\/\/+NCwAAAgQFoAQCCAqOOgLQkKcTQwEDAwg="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1646482724464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482724464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5sbFAAEAG7jzAqAGAEkLEZspeAbv+oP0EC3AaA4AYAfbA9QAAAQEICpCnE1COOgLQFgMBAgABAAH8AwM6K+sImNx3dIej3yQBfsHlSQyH5l4F8hLKFYurrt+jPCCUv6qySiadEZg7Gj4\/vX5jrLg\/JYOIeoxWa\/ahTy7RDQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5zb3VuZGNsb3VkLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDq1odYnjLE9YoHd\/igeLWhv14ukLQSyf98ZPyHkQn7OgAXAEEEKYWpJR9uHJSJZBwzi1pAC8cLX9iNXc5VMFPlSgV8HHXqYbwegIwyfo36+y7oUVZIFeBilQuBs9gLF4NzHajtKwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482724450,"flow_last_seen":1646482724464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482724464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00932{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":342,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482724472,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"soundcloud.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482734324,"flow_last_seen":1646482734324,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482734324,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1646482734324,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734324,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8YZNAAEAGvz7AqAGAl2XAXNyUAbtdgP2MAAAAAKAC+vB5pwAAAgQFtAQCCArbJaT6AAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1646482734331,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482734331,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJ9KXZcBcwKgBgAG73JRRJl9LXYD9jaAS\/\/87kQAAAgQFTAQCCArq9J312yWk+gEDAwk="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1646482734334,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482734334,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5YZVAAEAGvT\/AqAGAl2XAXNyUAbtdgP2NUSZfTIAYAfZOkQAAAQEICtslpQXq9J31FgMBAgABAAH8AwNzr2vzd\/QT\/aDhJiSq61v58duBBGwTUq6z8fAzWLEV5CDNfOfaUUVYVfXW\/CDKtRAJ+tVWWsbZK9mMfW2g+Km+ogAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAh2ZXZvLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCPQyH3d70yPXK9aVtEdAPnRA9ZC5WTB071dNPYc9Y+CAAXAEEEeVVr0wfghCvKk8pB3rwr9lMyYYYxB1YwkLSYt9F3bwDqNkUCdiLkyXAxOw3adrfDZNG4HFWPlbGmWIPel1Si6AArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482734324,"flow_last_seen":1646482734334,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482734334,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00930{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":346,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01479{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":348,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482734324,"flow_last_seen":1646482734350,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4125,"flow_avg_l4_payload_len":687,"midstream":0,"thread_ts_msec":1646482734350,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"vevo.com","server_names":"*.cache.vevo.com,*.cache.vevodev.com,*.cache.vevoprd.com,*.cache.vevostg.com,*.vevodev.com,*.vevoprd.com,*.vevostg.com,stg.vevo.ly,vevo.com,vevo.ly,vevo.pl,vevo.tv,vevoapi.com,vevocdn.com,vevolive.tv,vevosubmit.com,www.vevo.ly,www.vevo.pl,*.vevo.com,*.vevo.ly,*.vevo.pl,*.vevo.tv,*.vevoapi.com,*.vevocdn.com,*.vevolive.tv,*.vevosubmit.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.cache.vevo.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"ED:55:58:0E:19:94:FE:95:93:86:88:FE:30:27:DF:43:EB:74:17:C2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482753482,"flow_last_seen":1646482753482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482753482,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1646482753482,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753482,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SaBAAEAG1aPAqAGAFwFCT7wMAbtaGHg4AAAAAKAC+vA\/9AAAAgQFtAQCCAr10Gu5AAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1646482753504,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482753504,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJkQXAUJPwKgBgAG7vAwZG5KKWhh4OaAS\/ogYMwAAAgQFtAQCCApuzQml9dBruQEDAwc="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1646482753507,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482753507,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SaJAAEAG06TAqAGAFwFCT7wMAbtaGHg5GRuSi4AYAfZqJAAAAQEICvXQa9NuzQmlFgMBAgABAAH8AwOUyHhinsfe9G2IXNgY9L7xAzZ+DjB199btap4Cw89cViDuti6QLvXTxzS8GPAI\/LqrruRicKAVDOLPOdfZnGvHHQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtjZG4uY25uLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCyATmKdF69bnRwMVBRd98tu612XdMkfb0+p4HzFN6fBwAXAEEE+SEvSVfUiTeIP8IKKsjphsMZuVwTWztloapho\/r89Lhgv68xO7BDbwW8nmN\/dVf8z\/v3pQVdFakWyi7cuNIpiwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482753482,"flow_last_seen":1646482753507,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482753507,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482753526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.cnn.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482759960,"flow_last_seen":1646482759960,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482759960,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646482759960,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759960,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N8NAAEAGsY7AqAGAAhGNMZ+AAbsz0CpkAAAAAKAC+vAbqAAAAgQFtAQCCApTrIzgAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646482759979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482759979,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8VECEY0xwKgBgAG7n4Axx0rTM9AqZaAS\/ogIXwAAAgQFtAQCCAq1xN1AU6yM4AEDAwc="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646482759982,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482759982,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5N8VAAEAGr4\/AqAGAAhGNMZ+AAbsz0CplMcdK1IAYAfb4fgAAAQEIClOsjPe1xN1AFgMBAgABAAH8AwO90p\/YrOJd\/Z4tss7jqktThIJxJIB3e+qrLLFobtKKlyAX6YhgDO5LSOYTxZN2IGu+QsQ1WdlQy7VgjD2lE+VvBgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAx3d3cuZWJheS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgf8Mv24G6SSqxNEfrqm7W\/bejLWA6OGSZmHTWefPpxiwAFwBBBD+GtRBdEP9fCUeld\/IGhJTQe0q9+sY1uU3D5mNCoqM6EROqE0XBEIsVt1XPe0XwL5d6JRvhBZsY2OXTwlPA9KoAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482759960,"flow_last_seen":1646482759982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482759982,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00926{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":358,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482760002,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.ebay.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482772264,"flow_last_seen":1646482772264,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482772264,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646482772264,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772264,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8SfdAAEAGtwnAqAGAuX2+FaeEAbviQ3M+AAAAAKAC+vAD2AAAAgQFtAQCCAo3btlLAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1646482772292,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482772292,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADcGCgG5fb4VwKgBgAG7p4RVAzgX4kNzP6AS\/ogvJwAAAgQFtAQCCAoh0SIcN27ZSwEDAwc="}
01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1646482772294,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482772294,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5SflAAEAGtQrAqAGAuX2+FaeEAbviQ3M\/VQM4GIAYAfaY1QAAAQEICjdu2Woh0SIcFgMBAgABAAH8AwMB8bRCQdqcx9fui+mF7VjuHN5SBb79arjGU4qYGthMOSBbTABCg135wJeFEPl+a8Oxzav9AsC9J9+l+IIaNAxYkQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFhc3NldHMudWJ1bnR1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACCezVQBlUDf2SIx8m1xehLWY9pQKyvfH068Wwzre\/JcNwAXAEEEo09VNt2RkHEqlhHBw1nk6JbOlFIOJqgyxElu\/vwC+3XCJEwr43v+9rwXwcTyZXa+qtiIur9f6O0kVe2u0AJzEQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482772264,"flow_last_seen":1646482772294,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482772294,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482772325,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"assets.ubuntu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482785304,"flow_last_seen":1646482785304,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482785304,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1646482785304,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785304,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8c2NAAEAG\/FHAqAGAX4OpW8gwAbszoGaBAAAAAKAC+vB9ogAAAgQFtAQCCArCJt4xAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1646482785347,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482785347,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGfbVfg6lbwKgBgAG7yDD0fDnYM6BmgqASOJCOBAAAAgQFtAQCCAoi\/WCZwibeMQEDAwk="}
01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1646482785351,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482785351,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5c2VAAEAG+lLAqAGAX4OpW8gwAbszoGaC9Hw52YAYAfYZoQAAAQEICsIm3l8i\/WCZFgMBAgABAAH8AwNK0euZMFtaCNBtu+eL8QS+C1QwW1wzikaweB9ZeLN7jCCkdWD5KYTe5rYj3sVQQUUDDmKS7Ul8Bkz8dJPsZBeSHgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAAp0dWVudGkuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIJK5tprzoOfSjZ23KXMf08y5udMKZfRYOXHDalLyYQBZABcAQQRLZU+TiBidby\/7mJhjeaCEAZfIl\/ESg4w9XgdOmdSs6KJ9\/6C1zE6e09432pgZPLx5qZNVUeHl8Lum72bGeXBPACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482785304,"flow_last_seen":1646482785351,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482785351,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482785304,"flow_last_seen":1646482785395,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482785395,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482786097,"flow_last_seen":1646482786097,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482786097,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1646482786097,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786097,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8MYNAAEAGPTLAqAGAX4OqW5mGAbs4G85LAAAAAKAC+vAJ+AAAAgQFtAQCCApUK4E8AAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1646482786139,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482786139,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfbVfg6pbwKgBgAG7mYaAJv+vOBvOTKASOJA3NAAAAgQFtAQCCAojEPIqVCuBPAEDAwk="}
01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1646482786140,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482786140,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5MYVAAEAGOzPAqAGAX4OqW5mGAbs4G85MgCb\/sIAYAfY7ugAAAQEIClQrgWcjEPIqFgMBAgABAAH8AwPCuINo9aszS1NOKEJoT\/qcXc1z2+SkMYjVWEN9Dzm1uCAc1Fe\/tF+S3TB+puhQn5k1kl\/SrZE1Zu7DG17b6iPYkAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFzdGF0aWMudHVlbnRpLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAO0kbEPJvFV01Owk3nxVpBPAsVRMhGqyVHONxZeCXXCAAXAEEEdYt+qtkVgPe4ucZXkNkiZFAQTN50kMr6BFmQ8vGiT4E\/aWy5wxXrEUez6C+lutJauRk\/zdA9y71YXWyeYxHbNwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482786097,"flow_last_seen":1646482786140,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482786140,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01214{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":376,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482786097,"flow_last_seen":1646482786188,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3831,"flow_avg_l4_payload_len":638,"midstream":0,"thread_ts_msec":1646482786188,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.tuenti.com","server_names":"*.tuenti.com,tuenti.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"61be9ce3d068c08ff99a857f62352f9d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482791144,"flow_last_seen":1646482791144,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482791144,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1646482791144,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791144,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8FF5AAEAGQPrAqAGAX2XD1sjoAbs9AWSXAAAAAKAC+vBfJgAAAgQFtAQCCAoz72hZAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1646482791167,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482791167,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADMGYlhfZcPWwKgBgAG7yOhRyYQJPQFkmKAS\/ohadwAAAgQFtAQCCAoA0SpiM+9oWQEDAwc="}
01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1646482791170,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482791170,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5FGBAAEAGPvvAqAGAX2XD1sjoAbs9AWSYUcmECoAYAfYkYQAAAQEICjPvaHMA0SpiFgMBAgABAAH8AwPkjLny33P+mExr32cMRl62\/8RJSZlKid1V05U+ySIWLCA+yoN1VMfFXakU81pmrArAv4PMFa74gV6zhhtZIkRahgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAANAAsAAAhodWx1LmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACATY1QXYS0qh7KvKliQF74PNyaFCqlZEZicpu9ccKADKQAXAEEEtcC0kqJMuUk4fNE8PcFvshva3wSMZbKQk5Gr6YxJX1t14RCVX0X4nJLqvHYB8ofAk7LBbtBWK6qUGB5XQIzcOQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482791144,"flow_last_seen":1646482791170,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482791170,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482791191,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"hulu.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482801387,"flow_last_seen":1646482801387,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482801387,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1646482801387,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801387,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8u7RAAEAGHxDAqAGAImB7b6+aAFDTrORQAAAAAKAC+vAeUwAAAgQFtAQCCAqmtsAlAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482801394,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8tJQAAHkGLLAiYHtvwKgBgABQr5rfpgWE06zkUaAS\/\/9QBgAAAgQFlgQCCArcngeAprbAJQEDAwg="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482802720,"flow_last_seen":1646482802720,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482802720,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1646482802720,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802720,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8g6pAAEAGYJjAqAGAI8lwiLgSAbvaEoGzAAAAAKAC+vAuRQAAAgQFtAQCCArAZPJXAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1646482802726,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482802726,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8b+kAAHkGetkjyXCIwKgBgAG7uBJNy0p52hKBtKAS\/\/9IWQAAAgQFlgQCCArHroD1wGTyVwEDAwg="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1646482802732,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482802732,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5g6xAAEAGXpnAqAGAI8lwiLgSAbvaEoG0TctKeoAYAfa\/ZwAAAQEICsBk8mLHroD1FgMBAgABAAH8AwM6s1cKgDvTG3LALyk7fAmvRJX9DNZN37XWMNl1\/SdHaCCUR56oKGM2UcODstsWkptKjiMgLAJPLuO56cI3NFuiCgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA1rZXJ2ZS5sYXN0LmZtABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIEXwFTh8NFdQPbVwjRz3qZyMML4Z+FJITLECgKzAH2YhABcAQQROHWQ9TZ\/FNyVoueylOLPpt31B2wF8YuKZg+41\/WG\/Ucaum9xuzZgJXugnVJqsHgtbN0plSfDPGhyRi1GNW\/CAACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482802720,"flow_last_seen":1646482802732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482802732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00928{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482802742,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"kerve.last.fm","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482825245,"flow_last_seen":1646482825245,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482825245,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1646482825245,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482825245,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBNAAEAGurHAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vDCpAAAAgQFtAQCCArIaWrDAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1646482826257,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482826257,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBRAAEAGurDAqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC+sAAAAgQFtAQCCArIaW63AAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1646482828277,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482828277,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8fBVAAEAGuq\/AqAGARb\/8D5h8AFDXP+M5AAAAAKAC+vC2zAAAAgQFtAQCCArIaXabAAAAAAEDAwc="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482844787,"flow_last_seen":1646482844787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482844787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1646482844787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8DedAAEAGEf7AqAGAl2XBSamUAbtMTKsLAAAAAKAC+vDPdgAAAgQFtAQCCApUsmtnAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1646482844795,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482844795,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGJuWXZcFJwKgBgAG7qZRSHsTXTEyrDKAS\/\/9OHAAAAgQFTAQCCAoo5zzDVLJrZwEDAwk="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1646482844798,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482844798,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5DelAAEAGD\/\/AqAGAl2XBSamUAbtMTKsMUh7E2IAYAfYA+gAAAQEIClSya3Io5zzDFgMBAgABAAH8AwORBDzSmJ5ztCo20SFZ11gW0AoQQ4sgaFZaA3Y+KP\/wXyDr7yv9lTOmWoS6i6wF3DRKGiQ0dwIiiuA6PbPxGRgIZwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABF3d3cuYmxvb21iZXJnLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACDquIWld0x6v\/7S4zdZ49LOkRXJqmmpTXYEodSal6cCHwAXAEEEAIPYMeBzwG1ajydlfuoJM30LuOrUqddbx+YHyLZsEMUExIIuEeju0UTUsS5CFNGsqSGbD968lENk0xLpNURtmQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482844787,"flow_last_seen":1646482844798,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482844798,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01825{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":399,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482844787,"flow_last_seen":1646482844815,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4537,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1646482844815,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.bloomberg.com","server_names":"www.bloomberg.com,api.businessweek.com,api.bwbx.io,assets.bwbx.io,byzantium.bloomberg.com,cdn-mobapi.bloomberg.com,cdn-videos.bloomberg.com,cdn.gotraffic.net,charts.bloomberg.com,embeds.bloomberg.com,fastly.bloomberg.tv,feeds.bloomberg.com,fonts.gotraffic.net,staging-assets.bwbx.io,nav.bloomberg.com,sponsored.bloomberg.com,spotlight.bloomberg.com,tictoc.video,www.bbthat.com,www.bloomberg.co.jp,www.bloomberg.co.jp.shared.bloomberga.com,www.bloomberg.com.shared.bloomberga.com,www.bloombergview.com,www.citylab.com,www.citylab.com.shared.bloomberga.com,www.quicktake.video,www.tictoc.video,cdn-api.cmobile.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=New York, L=New York, O=Bloomberg LP, CN=www.bloomberg.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"88:4A:85:34:1D:E6:C0:BE:5E:C6:14:BB:BA:94:A3:55:92:BA:95:82"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482845216,"flow_last_seen":1646482845216,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482845216,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1646482845216,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845216,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZOJAAEAG1L\/AqAGAbIvSZt62AbvYtDuvAAAAAKAC+vDuhAAAAgQFtAQCCAq3z7DKAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1646482845236,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482845236,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8MSYAAPgGkHtsi9JmwKgBgAG73rYdOl\/82LQ7sKAS\/\/9A+gAAAgQFoAQCCAoefQzKt8+wygEDAwg="}
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1646482845241,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482845241,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZORAAEAG0sDAqAGAbIvSZt62AbvYtDuwHTpf\/YAYAfbCEAAAAQEICrfPsOMefQzKFgMBAgABAAH8AwNDaq9+o2\/m1P9XaJsuL18rMu\/cbIc9LrPA5zUbsuvbziCdB7Y010YsAP9WvlmHthVAcmE9qTBtm04O9SpF9+K9iwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAhAB8AABxzb3VyY2Vwb2ludGNtcC5ibG9vbWJlcmcuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIFWzj0ex9WIWXeCl2qveVdo+cRB1gHroBn+mOFydyRUDABcAQQTZ7Kd3Dh15jhsRvRpWp2w5A6ZrOrpRgthYeTOHm9lBNbC7SyMy7sz4nAvG5eX8+75Yb0V9pFtY29+UzxdUbzEpACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAHoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482845216,"flow_last_seen":1646482845241,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482845241,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":406,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482845260,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sourcepointcmp.bloomberg.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482860064,"flow_last_seen":1646482860064,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482860064,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1646482860064,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482860064,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8zthAAEAGckLAqAGADWsqDr4OAbv2xGogAAAAAKAC+vA6VgAAAgQFtAQCCArF2TKPAAAAAAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1646482860089,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482860089,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0KdNAAHUG4k8NayoOwKgBgAG7vg7o0cSg9sRqIYAS\/\/+nUAAAAgQFoAEDAwgBAQQC"}
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1646482860092,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482860092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItztpAAEAGcE\/AqAGADWsqDr4OAbv2xGoh6NHEoVAYAfY2twAAFgMBAgABAAH8AwN91wMalwKbnp34VhS8QvEFPozBOcSHhaFoSNBfPba3AiDXrrHLYmT\/nToyiJxYmouQzlobVBifJMUtdUWk4ZdOUAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABB3d3cubGlua2VkaW4uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOvcUoPBHSJ9xxKLt05ZOdwqxB4X188WUTuTKbETRNVIABcAQQSw33BhIovc8GgXm9sGLVvnRexF7f826PClnfuvUvruR3Sq4irZ9toHOp2agzdKIN0AwGPF8iqx1fv+O3\/0IjBNACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482860064,"flow_last_seen":1646482860092,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482860092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01720{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":414,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646482860064,"flow_last_seen":1646482860115,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4992,"flow_avg_l4_payload_len":713,"midstream":0,"thread_ts_msec":1646482860115,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.linkedin.com","server_names":"www.linkedin.com,linkedin.com,rum5.perf.linkedin.com,exp4.www.linkedin.com,exp3.www.linkedin.com,exp2.www.linkedin.com,exp1.www.linkedin.com,rum2.perf.linkedin.com,rum4.perf.linkedin.com,rum6.perf.linkedin.com,rum17.perf.linkedin.com,rum8.perf.linkedin.com,rum9.perf.linkedin.com,afd.perf.linkedin.com,rum14.perf.linkedin.com,rum18.perf.linkedin.com,rum19.perf.linkedin.com,exp5.www.linkedin.com,realtime.www.linkedin.com,px.ads.linkedin.com,px4.ads.linkedin.com,dc.ads.linkedin.com,lnkd.in,px.jobs.linkedin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Sunnyvale, O=LinkedIn Corporation, CN=www.linkedin.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"CE:D8:A5:BE:BD:4B:EF:E9:22:C8:0D:55:A6:7A:A6:4A:B8:03:4A:53"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482866432,"flow_last_seen":1646482866432,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482866432,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1646482866432,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482866432,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8sBtAAEAG\/aLAqAGAaBdivpv+AbuQtJSoAAAAAKAC+vAG0QAAAgQFtAQCCAoY1d1UAAAAAAEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1646482866449,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646482866449,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADkGtMZoF2K+wKgBgAG7m\/4hqZihkLSUqYAS\/\/9k2gAAAgQFeAEBBAIBAwMK"}
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1646482866451,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646482866451,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItsB1AAEAG+6\/AqAGAaBdivpv+AbuQtJSpIamYolAYAfYUJQAAFgMBAgABAAH8AwOkCw2THMGhALk0\/S0UPYY9Fiy1MMas0dLFjf2ObmEV3iD+CRapxYYnJ+AUET5SjxVSaJRJeT\/rvI5T4N1r2TpPLQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxwYXN0ZWJpbi5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAg+1dFx2JbQxGMLbjHxdWGfdupB63kQdiHTmuNhsrVgTQAFwBBBKdDPqMFSChZhRpkv1Y2JjoX2aNL5O59XM1C0oY6ZFf1Ifckam\/eVu5cuFoipFrAsWBrxGiWt6uHvmWbTHpfZoYAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01027{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482866432,"flow_last_seen":1646482866451,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482866451,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01068{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":420,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646482866473,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pastebin.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879566,"flow_last_seen":1646482879566,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879566,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1646482879566,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879566,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZJ5AAEAGuDfAqAGAFwFEvd\/4Abu+RY+DAAAAAKAC+vCgEQAAAgQFtAQCCAqibL0tAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1646482879585,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879585,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADkGI9YXAUS9wKgBgAG73\/iES9VYvkWPhKAS\/ojG\/QAAAgQFtAQCCApEcjdUomy9LQEDAwc="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1646482879590,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879590,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5ZKBAAEAGtjjAqAGAFwFEvd\/4Abu+RY+EhEvVWYAYAfb4UwAAAQEICqJsvUREcjdUFgMBAgABAAH8AwPTmj1yotJrCU5Axy8WSqX4RbWM\/SINHTcC+qIJwwqdWyAtxwR2GOpVXqzss+L4QuffJNllYoSRruXn4YOMT1n2UQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAYABYAABN3d3cucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIO+m+y4kE\/Ul0wRfLnWkNqXDSHnFmA3tI1g\/5Tv\/EZwCABcAQQQh+3EFl7VEJWAHnTsK42aVbCexqYTb9DwqjdAN6Pu9IMJwjvRFdXg\/Y6aZYu3btbo89OdSMmSsifn4YkrISGSJACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879566,"flow_last_seen":1646482879590,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879590,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01282{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646482879566,"flow_last_seen":1646482879608,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4380,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1646482879608,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.playstation.com","server_names":"playstation.com,webforms.playstation.com,www.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"19e4a55cecd087d9ebf88da03db13a0f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Mateo, O=SONY INTERACTIVE ENTERTAINMENT LLC, CN=www.playstation.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"19:BC:48:84:B7:B0:91:46:45:D5:DD:3B:B5:8D:8E:45:E8:42:1A:8A"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482879964,"flow_last_seen":1646482879964,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482879964,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1646482879964,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879964,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nmNAAEAGzLvAqAGAFzP2QbS4AbvcfW4jAAAAAKAC+vARXQAAAgQFtAQCCAo1KzXVAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1646482879981,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482879981,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgGcx8XM\/ZBwKgBgAG7tLg0LEpK3H1uJKAS\/oiOFAAAAgQFtAQCCAqG0XpXNSs11QEDAwc="}
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1646482879983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482879983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5nmVAAEAGyrzAqAGAFzP2QbS4AbvcfW4kNCxKS4AYAfZhPwAAAQEICjUrNeiG0XpXFgMBAgABAAH8AwOVj3yfLLIdpS7ph9cCyv5vCYAGlSzvdrVr1N5tbcI94SDvfvqZxXeUOWdQ166wenjn8HB2CzcmnFG8kG7bSApHKAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAbABkAABZzdGF0aWMucGxheXN0YXRpb24uY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AID7op1onM6THMaho0vMOrhWIG6UTS6n8xwsrP6D1biscABcAQQR0Q9Knvll2eKORbkRyexBvYc7r+Q69FpqwjjnvO3KMU7d3ZPOw9jaGO1B0c9lo8UIHFSOSayE0o5gPreutfPv3ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482879964,"flow_last_seen":1646482879983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482879983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482879998,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.playstation.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482896911,"flow_last_seen":1646482896911,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482896911,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1646482896911,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896911,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8pPpAAEAGn8vAqAGAbIrHQ6iOAbuXn2EUAAAAAKAC+vCb0AAAAgQFtAQCCApW0sF4AAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1646482896918,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482896918,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8E58AAPcGuiZsisdDwKgBgAG7qI5txRYul59hFaAS\/\/+2KgAAAgQFoAQCCAqPYc1DVtLBeAEDAwg="}
01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1646482896921,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482896921,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5pPxAAEAGnczAqAGAbIrHQ6iOAbuXn2EVbcUWL4AYAfaXogAAAQEIClbSwYKPYc1DFgMBAgABAAH8AwNMrbkme+2pG6WKGaUcTfCs10ic95it0jPiimTr5KWaaiCmUwwyrZpDXgONpktntKRQJ28LAppHGUwuuBwH65AqlAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAPAA0AAApkZWV6ZXIuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIAS3iFI+Lml2aqbJ99HMOh2pxKpjuORM+VA6AJN2jS5cABcAQQS2OgHZ7hQeCCurKRe6Z6o4CXtv3DRVG4xO7HV8XVI+fMr+wQD4VFXUBMvHu9XDFEguxQ+LZymMWbInoPBoAAbBACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482896911,"flow_last_seen":1646482896921,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482896921,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.2","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":438,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646482896928,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"},"tls": {"version":"TLSv1.3","client_requested_server_name":"deezer.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482916232,"flow_last_seen":1646482916232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482916232,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1646482916232,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916232,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ooZAAEAGcYnAqAGAEkFSQ8tmAFAueWmfAAAAAKAC+vBogwAAAgQFtAQCCApZaACoAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482916249,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Lu8AAPcGbiASQVJDwKgBgABQy2YtbN9PLnlpoKAS\/\/+hEQAAAgQFoAQCCAqviQYeWWgAqAEDAwk="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482940480,"flow_last_seen":1646482940480,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482940480,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1646482940480,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940480,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA806FAAEAGYWnAqAGAjvq0jpfKAbsw63pbAAAAAKAC+vDytAAAAgQFtAQCCAoU3PsAAAAAAAEDAwc="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1646482940487,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482940487,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8FycAAHkGJGSO+rSOwKgBgAG7l8rhydulMOt6XKAS\/\/9c9AAAAgQFlgQCCAqRbEHhFNz7AAEDAwg="}
01167{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1646482940491,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482940491,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI506NAAEAGX2rAqAGAjvq0jpfKAbsw63pc4cnbpoAYAfb+6AAAAQEIChTc+wqRbEHhFgMBAgABAAH8AwO7ribOnVQsY1sOMkcbEYXbLY3qPQQ51Elay7+WtVSrNSAVw+m3VKjUN5Kg0hk0Rcql0l9JhorDl+A6BcRaD2MOQwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAUABIAAA9tYXBzLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgZi1V3KN\/7YwDfK8H3VIJ+hl8oG\/pcyHsJbGlMXjOc2MAFwBBBJu4yUB5A9M8e+22tNqv37PZXfAJovqkKxk\/cRDsm65QH7HDIBoXPUoAJy1c6x2wwBosAz8dzXVrLnN4Hqic9PsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482940480,"flow_last_seen":1646482940491,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482940491,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00934{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":444,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646482940513,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"maps.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646482995689,"flow_last_seen":1646482995689,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646482995689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1646482995689,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995689,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8enxAAEAGb8fAqAGAAhGMP78GAburV\/8MAAAAAKAC+vDqEgAAAgQFtAQCCArEqeKzAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1646482995709,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646482995709,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADgG8kMCEYw\/wKgBgAG7vwYhgnsXq1f\/DaAS\/ohOCgAAAgQFtAQCCAocht8\/xKniswEDAwc="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1646482995711,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646482995711,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5en5AAEAGbcjAqAGAAhGMP78GAburV\/8NIYJ7GIAYAfY3gAAAAQEICsSp4socht8\/FgMBAgABAAH8AwNFE1YF0dNQQhTDT2LTts3l72ip1ON6WYuBYFjp45zAOSCfsggN3rEBQ1caacueVCEG9V0G2r03kBuc\/FQ9ILx8tQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBhY2NvdW50Lnhib3guY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIKOdg7M8WplrJ1dHmYhafGTWEV65\/XHCmgpJRZB9OyhxABcAQQSUMlyZp7X5PylQs43MbEemG5LZD4aMK86EfSyduzhW1kr6wtZBIJI7MJb\/MCOqF0\/ebXOaYXIP5autWsClQmu8ACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00884{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646482995689,"flow_last_seen":1646482995711,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646482995711,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00925{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":448,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646482995732,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.3","client_requested_server_name":"account.xbox.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646483012464,"flow_last_seen":1646483012464,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646483012464,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1646483012464,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646483012464,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8NmFAAEAGec\/AqAGAKGGgApuUAbvrsR4tAAAAAKAC+vCXKwAAAgQFtAQCCAqLefivAAAAAAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1646483012642,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646483012642,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0h61AAOYGgoooYaACwKgBgAG7m5Tksd5d67EeLoAS\/\/96NQAAAgQFtAEDAwgBAQQC"}
01149{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1646483012643,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646483012643,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItNmNAAEAGd9zAqAGAKGGgApuUAbvrsR4u5LHeXlAYAfZhOgAAFgMBAgABAAH8AwO1u+oefRTEOwSLQjLjHhVV0xmNEBLIePou\/aAHVOd2CCAPyrTST2MnYmbxM2VIZnvQo7xJWWszq6XT0HB3y7IoMAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtvdXRsb29rLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBWvkXIQj27ydSlWNcrtPVAAtDjckdSwzserfJQbjqaWAAXAEEEmLcB97hFECojXeQm9a5elnWgKYRExdFmjiW10ZfBGP+icRnFpjaWBz97zhMeOCLZ79LJYWeVZvs9jOUTVoTTCAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646483012464,"flow_last_seen":1646483012643,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646483012643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Outlook","breed":"Acceptable","category":"Email"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01697{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646483012464,"flow_last_seen":1646483012821,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4952,"flow_avg_l4_payload_len":707,"midstream":0,"thread_ts_msec":1646483012821,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"outlook.com","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}}
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-data-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":38,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_msec":1646495488872}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495488872,"flow_last_seen":1646495488872,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488872,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1646495488872,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488872,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1646495488880,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495488880,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1646495488882,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495488882,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5\/MpAAEAGQnHAqAGAD6Anu7NKAbvmP22RKbUG6YAYAfaZtgAAAQEICgT+3HEEQEeaFgMBAgABAAH8AwO25geT89HZVQIHdAvPqVcdroWBp1YfQbaMJ\/IT9jA01iAQ9v2Qg1QtgoSL\/wrZgtn2pCmqUafGB71JcGJ1a5vPpQAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFndXp6b25pLmFwcGxlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAfoSMbRE149N9PW6YpT\/B1gLVQ\/izORnimYk5vzkOPIwAXAEEEYgA3US97mm0LBVaj+yl1ih4nt3Ma4wqV+qwTQtcgUnIu95ynuvYl8aODuWCNRrQ8KDDItT25yW1YelOufG9kvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495488872,"flow_last_seen":1646495488882,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495488882,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.2","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":461,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"},"tls": {"version":"TLSv1.3","client_requested_server_name":"guzzoni.apple.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482791144,"flow_last_seen":1646482791191,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.101.195.214","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Hulu","breed":"Fun","category":"Streaming"}}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.GoogleCloud","breed":"Acceptable","category":"Cloud"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482801387,"flow_last_seen":1646482801394,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"34.96.123.111","src_port":44954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Bloomberg","breed":"Acceptable","category":"Network"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646482825245,"flow_last_seen":1646482890325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"69.191.252.15","src_port":39036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482623895,"flow_last_seen":1646482623982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":474,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Badoo","breed":"Fun","category":"SocialNetwork"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482844787,"flow_last_seen":1646482844825,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":5346,"flow_avg_l4_payload_len":594,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.193.73","src_port":43412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482646628,"flow_last_seen":1646482646693,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5845,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.128","src_port":42580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Activision","breed":"Fun","category":"Game"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482659915,"flow_last_seen":1646482659961,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":1857,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.167","src_port":46084,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Twitch","breed":"Fun","category":"Video"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482879964,"flow_last_seen":1646482879998,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.51.246.65","src_port":46264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482686914,"flow_last_seen":1646482687080,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":45936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482995689,"flow_last_seen":1646482995732,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.140.63","src_port":48902,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Xbox","breed":"Fun","category":"Game"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482759960,"flow_last_seen":1646482760002,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"2.17.141.49","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.eBay","breed":"Safe","category":"Shopping"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482879566,"flow_last_seen":1646482879632,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4764,"flow_avg_l4_payload_len":595,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.68.189","src_port":57336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Playstation","breed":"Fun","category":"Game"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646482860064,"flow_last_seen":1646482860150,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5476,"flow_avg_l4_payload_len":608,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.14","src_port":48654,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LinkedIn","breed":"Fun","category":"SocialNetwork"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482802720,"flow_last_seen":1646482802742,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"35.201.112.136","src_port":47122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.LastFM","breed":"Fun","category":"Music"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482845216,"flow_last_seen":1646482845260,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.139.210.102","src_port":57014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Bloomberg","breed":"Acceptable","category":"Cloud"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482734324,"flow_last_seen":1646482734359,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1340,"flow_tot_l4_payload_len":4476,"flow_avg_l4_payload_len":559,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.192.92","src_port":56468,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Vevo","breed":"Fun","category":"Music"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482940480,"flow_last_seen":1646482940513,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.180.142","src_port":38858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleMaps","breed":"Safe","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482896911,"flow_last_seen":1646482896928,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.199.67","src_port":43150,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Deezer","breed":"Fun","category":"Music"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1646482916232,"flow_last_seen":1646482916249,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.65.82.67","src_port":52070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482866432,"flow_last_seen":1646482866473,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.23.98.190","src_port":39934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Pastebin","breed":"Potentially Dangerous","category":"Download"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482785304,"flow_last_seen":1646482785442,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.169.91","src_port":51248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482724450,"flow_last_seen":1646482724472,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.66.196.102","src_port":51806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.SoundCloud","breed":"Fun","category":"Music"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482634412,"flow_last_seen":1646482634459,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":494,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"172.65.251.78","src_port":53998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GitLab","breed":"Fun","category":"Collaborative"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646483012464,"flow_last_seen":1646483013011,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5436,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646482786097,"flow_last_seen":1646482786234,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4008,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"95.131.170.91","src_port":39302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Tuenti","breed":"Acceptable","category":"VoIP"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482753482,"flow_last_seen":1646482753526,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.1.66.79","src_port":48140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.CNN","breed":"Safe","category":"Web"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646482772264,"flow_last_seen":1646482772325,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646495488890,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"185.125.190.21","src_port":42884,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.UbuntuONE","breed":"Acceptable","category":"Cloud"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495650748,"flow_last_seen":1646495650748,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495650748,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1646495650748,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495650748,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GIFAAEAGaR3AqAGANHHChOIWAbvSHIRRAAAAAKAC+vCUIQAAAgQFtAQCCApnoF3vAAAAAAEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495650768,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0H0NAAHQGLmM0ccKEwKgBgAG74hatJvO00hyEUoAS\/\/\/a2QAAAgQFoAEDAwgBAQQC"}
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495650768,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItGINAAEAGZyrAqAGANHHChOIWAbvSHIRSrSbztVAYAfbGZQAAFgMBAgABAAH8AwO6eoC9IxGTkdV9vVeJGWk4znzi7kZuVq2WW+Nl\/2Sg0SCU+jy21h8ySE7r\/PfMeW\/+6AejiqSkX1JQLDj\/qy1dewAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAAABUAEwAAEHRlYW1zLm9mZmljZS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIP361tTnT+5yNMG5uzlpGoadVy4F1\/ksgWxYfkq0hvgPAC0AAgEBACsABwYaGgMEAwMAGwADAgACRGkABQADAmgyWloAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495650748,"flow_last_seen":1646495650768,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495650768,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}
01176{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":467,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495650748,"flow_last_seen":1646495650804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4443,"flow_avg_l4_payload_len":740,"midstream":0,"thread_ts_msec":1646495650804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.office.com","server_names":"teams.office.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"104071bf77c5f0d7bae5f17542ba9428","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=teams.office.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"27:20:65:85:4C:34:BF:09:F0:25:56:B8:50:A7:4D:38:8C:45:82:80"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495669804,"flow_last_seen":1646495669804,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495669804,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1646495669804,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669804,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8GxZAAEAGN4nAqAGAbIq5aoOAAbvmWe+jAAAAAKAC+vCvxQAAAgQFtAQCCAqEU9WfAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1646495669812,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495669812,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8yYIAAPcGEhxsirlqwKgBgAG7g4CERzW35lnvpKAS\/\/\/nPAAAAgQFoAQCCArIqUDThFPVnwEDAwg="}
01164{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1646495669817,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495669817,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5GxhAAEAGNYrAqAGAbIq5aoOAAbvmWe+khEc1uIAYAfZdLwAAAQEICoRT1avIqUDTFgMBAgABAAH8AwN96ffJWUDTazcjPKRqPmlOCDA7EP6e0q+5Knlqzgn4siDXwLeA2RnsV46x7ZH7OaLw+Chjc3EP4ZBJc+xWJC0l1wAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAXABUAABJ3d3cucHJpbWV2aWRlby5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgGExhTuOW51jqeKeMnZIkirN5TNVDUu2atdTJKyWyDBgAFwBBBNa6zHPDKyGGZ8TLrmG8xe75hAb+vBq5zYOy2EFwzMFPukEZchYJ5onOljVZmDEEihxmPvbweI2eyfjNpyF4jCAAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495669804,"flow_last_seen":1646495669817,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495669817,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":473,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646495669824,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.primevideo.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495697787,"flow_last_seen":1646495697787,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495697787,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1646495697787,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697787,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TvVAAEAG4RXAqAGAjvq5jtyKAbuisGnHAAAAAKAC+vDU+wAAAgQFtAQCCAq56si5AAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1646495697803,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495697803,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8kPwAAHIGrI6O+rmOwKgBgAG73IpV9E4KorBpyKAS\/\/903wAAAgQFlgQCCAoX\/J8euerIuQEDAwg="}
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1646495697805,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495697805,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5TvdAAEAG3xbAqAGAjvq5jtyKAbuisGnIVfROC4AYAfb\/+QAAAQEICrnqyMsX\/J8eFgMBAgABAAH8AwMm2R5Ju93q7BO1hUBCbI67+PD2u7\/isSvjCgLKpqok\/yCAWXfAe1hCLkH2e7v9afeyqpqQSwrsncirtbeBJ9H19AAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAVABMAABBkcml2ZS5nb29nbGUuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIN3ozE7d4X5ID5WvLeFvcVfA+y6MygI54w6MzPaYwOcyABcAQQTFpbayzL1z3QPN8cTTIDg5o4CXfe8\/xuT5UCf9QOlCuSljPogKq5ahl7f7neEgUhdrgF5Z8PWW8a+71cG5NS4HACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495697787,"flow_last_seen":1646495697805,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495697805,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":477,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495697827,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.3","client_requested_server_name":"drive.google.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710343,"flow_last_seen":1646495710343,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710343,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1646495710343,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710343,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8tchAAEAGPx\/AqAGADVF2W4FOAbtTwyfkAAAAAKAC+vBryAAAAgQFtAQCCAom4HXhAAAAAAEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1646495710376,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710376,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0mxFAAG4GK94NUXZbwKgBgAG7gU7a1m2vU8Mn5YAS\/\/\/iBwAAAgQFoAEDAwgBAQQC"}
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1646495710381,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710381,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAIttcpAAEAGPSzAqAGADVF2W4FOAbtTwyfl2tZtsFAYAfZlCgAAFgMBAgABAAH8AwMcPgJU1zrnl+hPKuEgTOmCA8DSxG0x4ZP+nrnS1ukwmSB2tLYK4RsCmYHQ+tv7RzCytXVHC3ipih0buXJEGgMzzAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAARAA8AAAxvbmVkcml2ZS5jb20AFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAACIACgAIBAMFAwYDAgMAMwBrAGkAHQAgkhEItWzjEiug\/WBaiPCJVLwOMCFSobcq6gZ3ZM5d7hUAFwBBBKUDUTjCPdZ8Ll1S+z857hqnZsJZ3Vatea3adXIfU3XxBdTrso0nY7PLm8teDMagz\/bdRE3yXoqXxIphrdW4ROsAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710343,"flow_last_seen":1646495710381,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710381,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01315{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":484,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1646495710343,"flow_last_seen":1646495710415,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6356,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1646495710415,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"67bfe5d15ae567fb35fd7837f0116eec","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"50:2F:33:10:92:AC:27:7B:17:BE:82:68:3B:E2:29:AD:97:41:B7:BB"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495710534,"flow_last_seen":1646495710534,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495710534,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1646495710534,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495710534,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CqVAAEAGNnfAqAGADWsqDd4EAbvOscftAAAAAKAC+vD21AAAAgQFtAQCCArXIg8YAAAAAAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1646495710555,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495710555,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0VKNAAHUGt4ANayoNwKgBgAG73gT+RZAmzrHH7oAS\/\/9wpwAAAgQFoAEDAwgBAQQC"}
01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1646495710557,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495710557,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItCqdAAEAGNITAqAGADWsqDd4EAbvOscfu\/kWQJ1AYAfaM8QAAFgMBAgABAAH8AwNoOd\/HU8dseMv53a0gjDg57feHmv3ZKYt3PSUCEOAz7yDC+9qh9Lsnn2pjQO0NmdEK9+51DwzlDpkQTXJ0hGSXhgAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAWABQAABFvbmVkcml2ZS5saXZlLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACAI7FYCMeLngdMxbkPLy3IoQelSFCsyCvetq1oFf6z+UQAXAEEEWlI8xcTn+Mao6N7i2Le6X1KJI9pYZKIE\/2dqJMzsIrHC0C7HZlpYDP5BCM3Qrb983QL8azL17uscE+MtJARpvAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495710534,"flow_last_seen":1646495710557,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495710557,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01328{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":494,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1646495710534,"flow_last_seen":1646495710577,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":795,"midstream":0,"thread_ts_msec":1646495710577,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"onedrive.live.com","server_names":"onedrive.com,p.sfx.ms,*.live.com,*.live.net,*.skydrive.live.com,*.onedrive.live.com,*.onedrive.com,d.sfx-df.ms,*.odwebb.svc.ms,*.odwebp.svc.ms,*.odwebdf.svc.ms,*.odwebpl.svc.ms","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02","subjectDN":"CN=onedrive.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"77:7F:F2:95:29:A7:E3:CC:0F:BF:2F:BA:2E:6F:2A:38:62:8B:48:4D"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495749875,"flow_last_seen":1646495749875,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495749875,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1646495749875,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495749875,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8bgJAAEAGHN3AqAGAgeJr0q\/WAbvpKcA1AAAAAKAC+vDq5gAAAgQFtAQCCAoyACVaAAAAAAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1646495750196,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1646495750196,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAAC8Gm+eB4mvSwKgBgAG7r9bNFCqu6SnANoASOQgzewAAAgQFoAEBBAIBAwMH"}
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1646495750202,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_msec":1646495750202,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAItbgRAAEAGGurAqAGAgeJr0q\/WAbvpKcA2zRQqr1AYAfYZ+QAAFgMBAgABAAH8AwMSMXO4WcNq177CYxST5Cayi57AGXeQdEMNPed0f\/vO+CBsnRDIIeROJeOlCByvk7lr9pRUbeR06Cs4dVzQT0oYEAAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAASABAAAA13d3cuaWZsaXguY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAiAAoACAQDBQMGAwIDADMAawBpAB0AIOmUL4m7jSQuaHGCv6++\/yOU0VJCaPyexIMcIsguXG5nABcAQQTHBHql0\/iCD7AqH7jE0qyA2MF\/+\/iD9HNmfv2msqiXNFGoZilNx52dlYpSngcjMahYCZatuJxecuXUWxhAYPfzACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495749875,"flow_last_seen":1646495750202,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495750202,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1949,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01507{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646495749875,"flow_last_seen":1646495750523,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4189,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1646495750523,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iflix.com","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1646495785326,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785326,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARxpLAqAGA2DrUjpbyAbsFVWFvygAAAAEIEaJhA\/pmmGIDGZVnAEJ9k4MXlQzkENByBWBPG6JdLnJ97tZTge\/8kX\/RhzOqc4jakqIni2HiqmCs6hTSmZEhkbOUs3lvKsO9F9+XIhOeXqIykOCxzeDPOvDHVnxP2ftNUD1lroHjevW4+JYs\/R0VPIgtCayG\/meCf7Lef9QhWL6YQmXx48ui2W6tYfyIEiaXDMtExoqL+hacVg2HpNlIwJe4PE0\/HEg3ezCS0HD8j4RVM2gk+MitT95qpQmfRz8ntx5WznfpVZvMxU23bid9\/dO3KP4LRTXApe0VNoqcMS8eAgkUyCgd5nSQ87LPgFqnkCEFratISm41sDhhr7ve32C1I\/TlAIhgBRfW87C3WFDVCBagaYOeonExydEo\/D28evz\/tjH6aV7xu0wNblTQywt3lynmNkuwCW7cnmeQuau6oQOA9GiSOfN51L3rFmCObunfGa2ezZE4y2FjFlEEKO\/QIf2CassSbDJm49YK5w7PoSq58kn\/6qIb0Tn5xVj\/LonVQw1HAkNmcP8ql0C7shrF43UdoYXvT\/hOCOA\/VAd6JiIod3M38vXNHkTBOnLJf9TfjJE64UfVXvq5UqVG0r6WldLJGu2xtNgpeDi11dyXdfvaPJX4DN1wutu28hbCiIktfSp6wZpMBmAyygGuO73TqglRovt2xSE4EHwrJMCD4O2TYEurb9uUa0gMyyJFr9\/L+BwLQIYk52z2VLzFmq3EMYlrlu4r\/zm7z83+qa7ryx2Qegl3wdMjyEciWgqgcac28uJhD3lOGWLmvmFxM9fEY1jJKzrVnaWs\/i+ophLeLFpkmeSef74TmyzGpEZIsuPNpoyrlLRH7YPjpxJQS81Wg3bRzpRPypt93N8AAAABCBGiYQP6ZphiAxmVZ0A7KMwiGjnAKddrCOyv2PDiBRWs1qpECiw2xTVInm4f3DIdG9S3r6Co1Q+QqgROt51vL3O9dOvlXAZmpcYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00824{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495785326,"flow_last_seen":1646495785326,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495785326,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"hangouts.google.com","version":"TLSv1.3","alpn":"h3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","tls_supported_versions":"TLSv1.3"}}
02279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1646495785351,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495785351,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMR0xLYOtSOwKgBgAG7lvIFVdbOwgAAAAEDGZVnCBGiYQP6ZphiAEPst9JjIfZ6zFXkACoVjtJE04mEvUBO80J9CXDI1AzGWloBOqzPXI+URdYvHEecgUeYllSRgTGQ\/pdzmzfdkga4V0DlNh9sMthgcZTrWfMiNpOkeHh+8VGEpoSOyr5bTtr6qKEGYg7ZZM+3g8CNri4\/Y4rmU\/u2ucvFt3wUyTEBNlGlntUryhGUoERRNT55NmFJqVuhU\/GueMTfSHsKfOOCMhdksMgHmrVyRumUWVrccMpyqwcE3vpmgCs+uFNthYNXlEj8FMdYAA6FIKpTcrXTgZ3Nm3DRRlDCt76rYa9Ed5zm8JxO+MhvWTGGpqVfgXpQEWyeWMNxG693XFsxTB07PJ3\/YeWP9LrYnM2HgdinrEmJ9dHI16vwi5FQ0cWQJ92cHEvIGKGiq8SA5HEgTnQVmdK2xOmx7dj0KaicL3ol58t8ltkbIXgfkxYhp5yyTHcH3z0UKdCT7GAS6tTRIUS1R7xH75rixlq6B8ZSkGHfajnn6P2ZcdZ\/x0f91Ed0FleO4gdbHHIHetNxBiPPjmSYid1gKObR53SjxAV83g\/W5uVBPG0cabwLojDjBF4yItmMF8ard0uchzKjL7+VPzEBpyA8VAKvlvVbjeonWQ9zdLjCu+3DI5DnZF04lHG772bPMCDbbp1L2TwHKUlogQBjbGpHA7cGqXQ+7rgXzsp8A1LJ4M7UOfhwAhpEZinbjHrtptlKXt3FIxug5QT3rZRFmRCTzNoEN+lueCUbvABz5ahUadsFXVwk+QV6y6OfittlgN9FPzvu2wbXQsdpR7HuGw5be5n5hrjM\/gt9Cn1qYtj8W7tpYyeOF6J2KVyL\/JC\/QJoDFTRmNJOaSu8I9GPipG+PZyHfbkz460Q5SYy9J6Yty8H0OpgvMOxAZyJfdY6HpBJ73a3hMG\/oeLH2XJGbp7tfnJSbIrw7OjnmUjZjC3QFC5ZT\/D9lfLZQtLioZhFU2dvfGzIgp3e6A6JbEE0vFluuvChl2C+0rBUUI4BDQaLDC36yd\/nqeU9YkBNuGMLNwmS1nu9FZU8mcDANqVoY5yVLg2kamNS5X1hNq7e0ZttiC++uqF2vAilhDlKm4Sn9UjPckZuiZBomYpyg0Mx2VTEwtpKds6MA+UAswT6IhWCQVBWewjai+fOWFc9I1PVuJXv6wszew3Hcqcb00f6u5LLpYQLzSeihJuZrVlM1j6lGBHe0EhJ6DL1teURdZuXWHdzyDqDjp983xiqcs411z8ivoxsAQrnJoCWJxd7jZsORlrj+qRu70MzdRwWows6Ir5D2WLnk\/xr5xZXlxc0qq35KzQxuScxBBYPpS5ZzPphWbiD4nd3CHT+adzTjAAAAAQMZlWcIEaJhA\/pmmGJA9VVpI4dKlmrgeF\/YggQi8sjf99E3nv5OtPvRrtZcyuW01yoBM35YdPwOsg50xXr\/BiQRHRmpg5AI\/Gxv40hVq1L2PZoVADVhqqGncF1oScVHTbM9W4m3oXbHay1EHfQ5lAWTWpN49l9Tiv7IrVgj7Dp+73Bh+\/I4be++4+GN0yWQOqn0T+ijD3iAvjW07u4KFggANU2wFU17wsvlJuMqKoty0iSiIcZD1Fpv8YeBupA3Jd5TcFAQxL\/\/amaXv8CyobSjSega7I6w3iSVpXXusfvcoL9IwMGqCbpjl4yujE+\/2nPBKVvs4iEZolT1zqdJU8Q5tR5vWxmVZ56Vkqmz6hVG35AqABKCyEo\/gk\/PneTs58wsy3Z+6AWG31mbKVGDVWKfuUivH9e1GriPy0Y1T2Vi68\/VxrxY\/w=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495836963,"flow_last_seen":1646495836963,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646495836963,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1646495836963,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836963,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1646495836979,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646495836979,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8r34AAHIGjcyO+rnOwKgBgAG7xbDcn6Z3VaeNLaAS\/\/\/zpwAAAgQFlgQCCApyIEa6bCX3GwEDAwg="}
01166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1646495836983,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646495836983,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5O4pAAEAG8kPAqAGAjvq5zsWwAbtVp40t3J+meIAYAfYRowAAAQEICmwl9zByIEa6FgMBAgABAAH8AwOIf7nJ5breQpxi5aty74p4A0tH8s+YhJ7uQwoAchgbeyDiYRrjyIJgoj6ghTCikRuTluEoGumBBaOR1N7eUGiD\/gAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAATABEAAA5nb29nbGVwbHVzLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBQQOMOQqFJCXmUicpi9d2kYaSiqPqeBjWpdYiUO92OBgAXAEEEwEm0an4CaV7UYrRD1yMS8F4iZzs0QylP5VOKPX+Fji27U1gjEJPJGZS7PVMPfJS0GsqWWRpHV\/lDyKacoCtA0wArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00894{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646495836963,"flow_last_seen":1646495836983,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646495836983,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646495837006,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"googleplus.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1646495837086,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837086,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARLnPAqAGAjvq17o\/gAbsFVdqKwQAAAAEIGskra7CKZYEDuYLxAEIVFxxqmZ08lCd3LEamnRnTwqMewjQTOXHJ+bQBCnc75qyddTeYHQ3SnzAULSCTOvy9BuronZfx+Rok2NEb\/1BsWpwM7HvouqIbg\/UM9rh+Oz94fTVRKCbJSe1Rt9Wi3IS3cTWhF88qqkbPlVNVfTP6qf147kmXwAclEb200UQEzcAZIv3o++EPu3L79R8FmBpBYJnCKkgaxbqODau1mi\/955te0zmkf2846gwZzwMXzDwbr6\/3HnP3h8OfoVM0MIFN9x7Ds+vGpVKDRpQM0NlvNQfFfblQvgPKr6\/wJHgowwd40oBCNI3FTXFgafKbw2f8iXs1MuIi6dbw5qDMfDg7neN7v6\/vcX4HSf8y6PVeyxCvA4+7q957ap\/3PII07iu47YhDzCD0lwTDjfi\/a1raoLz70\/SPK9NEbeWnxibfZXFeg8+E6Qmd9DFP4zQ2QPKahjqlPM4ZePdB1N+sWTrGnHY+e5VOY4qYOyABuFGeuadAN35ZvnTav7s\/+rzxtiAo1AWyqO5W85hkYntoGdWyMOzcrhaGvKoJNlyQWa3gWJkpY39Z1uzVJ9G3lDdAsC9\/zRJfbRKvAouMAfcWbKNWIPlVEx425CNhqzWnjNjSzKi5ec4e5C4us09IcxcJ6YiARP3HINF5Ycp8CM+O3SAPpWjAj1wgjVCtDNLk+H+lVLgNqHb0nSuRRFGscCZoJV0VpfhM0MYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646495837086,"flow_last_seen":1646495837086,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646495837086,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"plus.google.com","version":"TLSv1.3","alpn":"h3","ja3":"b719940c5ab9a3373cb4475d8143ff88","tls_supported_versions":"TLSv1.3"}}
02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1646495837102,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_msec":1646495837102,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="}
00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-data-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":47,"total-updates":0,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_msec":1646568788171}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1646568788171,"flow_last_seen":1646568788171,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646568788171,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1646568788171,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788171,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1646568788337,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1646568788337,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="}
01169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1646568788341,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_msec":1646568788341,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAI5AQZAAEAGfJ3AqAGA0FUontLaAbs4n4KLTdgrT4AYAfYOtAAAAQEICtKMuxtfJdEeFgMBAgABAAH8AwNyi5pZnYizmESRNRsWFzLDUgF4AIT\/tX3zYbufDRkzzyDMV\/FK528iuv6PxN\/1DD4BU1TMzFBPBIF01ZAvPFWIVwAiEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQEAAZEAAAAQAA4AAAtwYW5kb3JhLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAKAAgEAwUDBgMCAwAzAGsAaQAdACBUk5TxRwMmI7m3PUpmyv2jiTq1G62x80KdY2tfOvxfVgAXAEEEr8O4oznU2jNZk5ZC+\/pUpJeqcDtGn2NikTZa2J69CfKpIdzohOHLj9fffI5zTez3ppU6JIFTO2\/VBVQmSVbRwwArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1646568788171,"flow_last_seen":1646568788341,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1646568788341,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1646568788171,"flow_last_seen":1646568788508,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788508,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01231{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":518,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1646568788171,"flow_last_seen":1646568788673,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3789,"flow_avg_l4_payload_len":631,"midstream":0,"thread_ts_msec":1646568788673,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pandora.com","server_names":"*.pandora.com,pandora.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"7047b9d842ee4b3fba6a86353828c915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1","subjectDN":"C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495669804,"flow_last_seen":1646495669824,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1945,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"108.138.185.106","src_port":33664,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495697787,"flow_last_seen":1646495697827,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.142","src_port":56458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleDrive","breed":"Acceptable","category":"Cloud"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495836963,"flow_last_seen":1646495837006,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":483,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646568788171,"flow_last_seen":1646568788847,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4237,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Pandora","breed":"Fun","category":"Streaming"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1646495710534,"flow_last_seen":1646495710610,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6845,"flow_avg_l4_payload_len":684,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.107.42.13","src_port":56836,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.MS_OneDrive","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495785326,"flow_last_seen":1646495785351,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495749875,"flow_last_seen":1646495750848,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":4556,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.IFLIX","breed":"Fun","category":"Video"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1646495710343,"flow_last_seen":1646495710456,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6565,"flow_avg_l4_payload_len":729,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.81.118.91","src_port":33102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1646495837086,"flow_last_seen":1646495837102,"flow_idle_time":200000,"flow_min_l4_payload_len":1357,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2714,"flow_avg_l4_payload_len":1357,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GooglePlus","breed":"Fun","category":"SocialNetwork"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1646495650748,"flow_last_seen":1646495650832,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4927,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1646495488872,"flow_last_seen":1646495488890,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1646568788847,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleSiri","breed":"Acceptable","category":"VirtAssistant"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":520,"source":"sites.pcapng","alias":"nDPId-test","packets-captured":520,"packets-processed":520,"total-skipped-flows":0,"total-l4-data-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":49,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_msec":1646568788847}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 520/520
~~ skipped flows.............: 0
~~ total layer4 data length..: 238171 bytes
~~ total detected protocols..: 43
~~ total active/idle flows...: 47/47
~~ total timeout flows.......: 4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6242894 bytes
~~ total memory freed........: 6242894 bytes
~~ total allocations/frees...: 119202/119202
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 463 chars
~~ json string max len.......: 2306 chars
~~ json string avg len.......: 1384 chars
|