00641{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00862{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1725108604542518}
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604542518,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542518,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542518,"pkt":"AAADBAAGAAAAAAAAClUIAEUAADwueUAAQAYOQX8AAAF\/AAABkWIEOC0ia0MAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hcAAAAAAQMDBw=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604542518,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604542542,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBDiRYncsq\/stImtEoBL\/y\/4wAAACBP\/XBAIICoL13heC9d4XAQMDBw=="}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1725108604542557,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725108604542557,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADQuekAAQAYOSH8AAAF\/AAABkWIEOC0ia0R3LKv8gBACAP4oAAABAQgKgvXeF4L13hc="}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1725108604542632,"flow_dst_last_pkt_time":1725108604542542,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":72,"pkt_l4_len":36,"thread_ts_usec":1725108604542632,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADgue0AAQAYOQ38AAAF\/AAABkWIEOC0ia0R3LKv8gBgCAP4sAAABAQgKgvXeF4L13hcFAgAB"}
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1725108604542632,"flow_dst_last_pkt_time":1725108604542639,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725108604542639,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADREJUAAQAb4nH8AAAF\/AAABBDiRYncsq\/wtImtIgBACAP4oAAABAQgKgvXeF4L13hc="}
00942{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108604542632,"flow_dst_last_pkt_time":1725108604543203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1725108604543203,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725108604543910,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgVJkAAQBEnSX8AAAF\/AAA1jHUANQA0\/nvdIwEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAABAAEAACkEsAAAAAAAAA=="}
01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543910,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543910,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr": []}}}
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":88,"pkt_l4_len":52,"thread_ts_usec":1725108604543926,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAEgVJ0AAQBEnSH8AAAF\/AAA1jHUANQA0\/nvRJgEgAAEAAAAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAEAACkEsAAAAAAAAA=="}
01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604543910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604543926,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr": []}}}
01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544468,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":490,"pkt_l4_len":454,"thread_ts_usec":1725108604544468,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAdo9I0AAARE8un8AADV\/AAABADWMdQHGAA7dI4GAAAEAEQAAAAUDd3d3B3lvdXR1YmUDY29tAAABAAHADAAFAAEAAAAOABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AAQABAAAADgAErNkSLsAtAAEAAQAAAA4ABI77Jc7ALQABAAEAAAAOAASO+yUuwC0AAQABAAAADgAE2DrUbsAtAAEAAQAAAA4ABKzZEy7ALQABAAEAAAAOAASO+sjOwC0AAQABAAAADgAErNkVDsAtAAEAAQAAAA4ABKzZEu7ALQABAAEAAAAOAASs2avuwC0AAQABAAAADgAEjvrI7sAtAAEAAQAAAA4ABI76yQ7ALQABAAEAAAAOAASO+yXuwC0AAQABAAAADgAEjvrJLsAtAAEAAQAAAA4ABKzZE47ALQABAAEAAAAOAASO+svuwC0AAQABAAAADgAEjvslrsAtABwAAQAAAA4AECoAFFBABggNAAAAAAAAIA7ALQAcAAEAAAAOABAqABRQQAYIDgAAAAAAACAOwC0AHAABAAAADgAQKgAUUEAGCAYAAAAAAAAgDsAtABwAAQAAAA4AECoAFFBABggMAAAAAAAAIA4AACn\/1gAAAAAAAA=="}
01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":446,"midstream":0,"thread_ts_usec":1725108604544468,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com","domainame":"www.youtube.com","dns": {"num_queries":1,"num_answers":22,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr": ["172.217.18.46,ttl=14","142.251.37.206,ttl=14","142.251.37.46,ttl=14","216.58.212.110,ttl=14"]}}}
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":234,"pkt_l4_len":198,"thread_ts_usec":1725108604544652,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAANo9JEAAARE9uX8AADV\/AAABADWMdQDG\/w3RJoGAAAEABQAAAAEDd3d3B3lvdXR1YmUDY29tAAAcAAHADAAFAAEAAAAOABYKeW91dHViZS11aQFsBmdvb2dsZcAYwC0AHAABAAAADgAQKgAUUEAGCA0AAAAAAAAgDsAtABwAAQAAAA4AECoAFFBABggOAAAAAAAAIA7ALQAcAAEAAAAOABAqABRQQAYIDAAAAAAAACAOwC0AHAABAAAADgAQKgAUUEAGCAYAAAAAAAAgDgAAKf\/WAAAAAAAA"}
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108604546168,"flow_dst_last_pkt_time":1725108604546168,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604546168,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604546168,"flow_dst_last_pkt_time":1725108604546168,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604546168,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADzAV0AAQAZ8Yn8AAAF\/AAABn3IE0qMX\/XsAAAAAoAL\/1\/4wAAACBP\/XBAIICoL13hsAAAAAAQMDBw=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1725108604546168,"flow_dst_last_pkt_time":1725108604546180,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1725108604546180,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADwAAEAAQAY8un8AAAF\/AAABBNKfcgFEedujF\/18oBL\/y\/4wAAACBP\/XBAIICoL13huC9d4bAQMDBw=="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1725108604546189,"flow_dst_last_pkt_time":1725108604546180,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725108604546189,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADTAWEAAQAZ8aX8AAAF\/AAABn3IE0qMX\/XwBRHncgBACAP4oAAABAQgKgvXeG4L13hs="}
01510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1725108604628158,"flow_dst_last_pkt_time":1725108604546180,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":749,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":749,"pkt_l4_len":713,"thread_ts_usec":1725108604628158,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAt3AWUAAQAZ5v38AAAF\/AAABn3IE0qMX\/XwBRHncgBgCAADSAAABAQgKgvXebYL13htR2QiOiIPSVg+qVxOKC2E2ejANDkkG7BFUCbyENDsaf3O1BLMjQJvyv6Zy8n7cIEIbmfXSrurAfx+TD8EF5zj\/gzxDqjxKOzss0PvwBj7fpGOTqYc\/0A4tR0Z2+OznjQpsJFOX3QoJr6HCPKNEUM2DmU8wm91TLhaiupGazJ59ORPBdvlSEjCZ1Fr+68ZAMrjRJLPjTO6RTnpqpDxqyXSGiEsBo\/nvvNPjXJcx+SO2GjBTPo7fNpDW2AcT7fJy7Rk8aMfoyUaSu\/McXFda0ScdgqfBqxUrzf2YfDExS\/\/WtYpe14eDrqAN0bEnMmwm\/gdjl8\/51qKoVWbtnAvRnHft6wi32zLtq021c8iOaHQfDUrOhGT0ia8nsdPV4MSQ\/D\/B9fAe8YZYT8Lu4uBCa5DiPbrv7CvVkbtPLdsv65cg\/pvSW1FR\/RGFlcz5vbIpHe0UX2D5wnI8oTjH0xZuCeEpj+BxDH+IBtT2KOwMEZPTXagMswVIHmJU1ZHgpM\/HWV10q6shQ2KESK7isLgmt5lmSXmdcfU9\/NQerKIKQs3Aeg5orSBjYppQUkI9qvayFxL1zYDWT4TleQSyWpt6iUgqBS1WSHf8vZzXKTUWOMZvqyRq5q\/dZEzQ0P3kdtWRqjatVLcc8tctaXiZ6g7BIdauVlKib\/GIr2YFwdx5Cu9RfAfrR9yw\/LmlRYK0M\/gjKcH1nu5EqzQImq0Zka10a7g3gRj8aKzC9A+Ng9\/3GT7T+Hu6EF5th8yybaUPIa0QfvjDEDz4jmGZU11F2i96nho7kBkiNQ+ovYZTVSGnReZDnJnC\/izlQgRYL\/jXj46gp+pxW+awTAQwf3uB83QFp67klbd2VyUDvWamZBCtvwirjf+5uWvXG12TMxVLkCWbBn2fXTi9U38XW3o="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1725108604628158,"flow_dst_last_pkt_time":1725108604628205,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1725108604628205,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAADRAGUAAQAb8qH8AAAF\/AAABBNKfcgFEedyjGAAlgBAB+\/4oAAABAQgKgvXebYL13m0="}
00841{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108604629032,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108604629032,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1725108604629032,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108604629032,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAMqq0AKAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2QAAAACgAv8oyAcAAAIEBYwEAggKdV18TAAAAAABAwMH"}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1725108605648857,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108605648857,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAGAvMAKAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2QAAAACgAv8oyAcAAAIEBYwEAggKdV2ASAAAAAABAwMH"}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108604629032,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606672884,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAKAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2QAAAACgAv8oyAcAAAIEBYwEAggKdV2ESAAAAAABAwMH"}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1725108606672884,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":96,"pkt_l4_len":40,"thread_ts_usec":1725108606682534,"pkt":"AAAAAQAGILAB4IZiAACG3WgIzOgAKAZ6KgAUUEAGCA0AAAAAAAAgDiABCwcKPcEShiiIqosAkTwBu7yuGkObbhI3xtqgEv\/\/GcUAAAIEBMQEAggKzLRTuXVdhEgBAwMI"}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1725108606682587,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":88,"pkt_l4_len":32,"thread_ts_usec":1725108606682587,"pkt":"AAQAAQAGCAAn\/ADWAACG3WAO6GIAIAZAIAELBwo9wRKGKIiqiwCRPCoAFFBABggNAAAAAAAAIA68rgG7EjfG2hpDm2+AEAH\/x\/8AAAEBCAp1XYRRzLRTuQ=="}
01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606682534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1725108606682993,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.2","ja3s":"","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606682993,"flow_dst_last_pkt_time":1725108606707789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1725108606707789,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","domainame":"www.youtube.com","tls": {"version":"TLSv1.3","ja3s":"907bf3ecef1c987c889946b737b43de8","ja4":"t13d3113h2_e8f1e7e78f70_ce5650b735ce","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","blocks":0}}}
02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":87,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606811390,"flow_dst_last_pkt_time":1725108606811354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":17178,"midstream":0,"thread_ts_usec":1725108606811390,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":140796.1,"max":2053502,"stddev":429032.8,"var":184069177344.0,"ent":1.9,"data": [1019825,1024027,2053502,9703,406,10463,14792,0,24842,18,170,0,116,29,3354,490,13422,1,9609,1757,11412,77711,1,0,87369,366,324,304,298,178,191]},"pktlen": {"min":72,"avg":635.5,"max":2488,"stddev":846.4,"var":716345.8,"ent":3.9,"data": [80,80,80,80,72,589,72,2488,1280,72,72,1280,1840,72,72,152,202,720,103,135,103,72,1280,307,1280,72,2488,72,2488,72,2488,72]},"bins": {"c_to_s": [13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,5]},"directions": [0,0,0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,1,1,0,1,0,1,0,1,0],"entropies": 
[4.850302696,4.800302982,4.850302696,5.367949963,5.219669819,4.818557739,5.209185123,7.915221691,7.834231853,5.219669819,5.247447491,7.848894119,7.900642872,5.219669819,5.219669819,6.392518997,6.617354393,7.706577778,5.915785313,6.435108185,5.884278774,5.236962795,7.850246906,7.152086258,7.852072716,5.247447491,7.906479836,5.247447491,7.917565346,5.247447491,7.928373814,5.247447491]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}}
01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1725108604543910,"flow_src_last_pkt_time":1725108604543926,"flow_dst_last_pkt_time":1725108604544652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.53","src_port":35957,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.YouTube","proto_id":"5.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.youtube.com"}}
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1725108604542518,"flow_src_last_pkt_time":1725108606812524,"flow_dst_last_pkt_time":1725108606812503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":7115,"flow_src_tot_l4_payload_len":847,"flow_dst_tot_l4_payload_len":18442,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37218,"dst_port":1080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}}
01027{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1725108604546168,"flow_src_last_pkt_time":1725108606812347,"flow_dst_last_pkt_time":1725108606812408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":681,"flow_dst_max_l4_payload_len":4726,"flow_src_tot_l4_payload_len":1234,"flow_dst_tot_l4_payload_len":19321,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":40818,"dst_port":1234,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5}
01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1725108604629032,"flow_src_last_pkt_time":1725108606831814,"flow_dst_last_pkt_time":1725108606831771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":20846,"midstream":0,"thread_ts_usec":1725108606831814,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:8628:88aa:8b00:913c","dst_ip":"2a00:1450:4006:80d::200e","src_port":48302,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com"}}
00875{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/tls_heuristics_enabled\/pcap\/tls_heur__vmess-tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":100,"packets-processed":100,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62235,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":38,"global_ts_usec":1725108606831814}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100
~~ skipped flows.............: 0
~~ total layer4 data length..: 62235 bytes
~~ total detected protocols..: 3
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7605608 bytes
~~ total memory freed........: 7605608 bytes
~~ total allocations/frees...: 126023/126023
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 581 chars
~~ json message max len.......: 2236 chars
~~ json message avg len.......: 1405 chars