00394{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"max-idle-time":600000,"tcp-max-post-end-flow-time":60000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1252380859868,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":868541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":884558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"}
00181{"basic_event_id":8,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32}
00418{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":884593,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"}
00558{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":885010,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"}
00701{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":903858,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"}
01560{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":904145,"pkt_caplen":905,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":905,"pkt_l4_len":871,"pkt":"ABy\/OaVxABTRQblQCABFIAN7ZLwAADcGRQHOIT1xwKgKZQG7D3++yAIwc1S12FAYAC7UaQAAFgMBAEoCAABGAwFKpdC6H6OgW9P9+36ZeylFdZAhIjuWsoYXgfHuBoY2PiAghstWnalLtI\/GEpEEY1X3TGy25\/uiN5Y0TJRzRBFccAAEABYDAQL2CQAC8gAC7wAC7DCCAugwggJRoAMCAQICAwu3YDANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCDUZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA5MDYyOTEzNDQ0NloXDTEkMDgyODIyMTgyOFowczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRQwCgYDVQQKFAtZYWhvbyEgSW5jLjEOMAwGA1UECxMFWWFpb28xEzARBgNVBAMTCnMueW1tZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnpMjPO31hCPv8BaeHQppL8BxWSjK5J1JC194ULNrexmx\/9huNLACC8bEsR4XEORh5PXVgYjadRupRmp4Fk\/wO6LnB9xj1ao2h2hOESKvNr693GGL2wYzpGMV++q7LTHqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00744{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_tot_l4_data_len":1065,"flow_min_l4_data_len":20,"flow_max_l4_data_len":871,"flow_avg_l4_data_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
01074{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":942787,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":532,"pkt_l4_len":498,"pkt":"ABy\/OaVxABTRQblQCABFIAIGZL8AADcGRnPOIT1xwKgKZQG7D3++yAWuc1S4s1AYAD+2RgAAFwMBAdnfDz1\/fsHWlLraecMKERmy3J\/aTnu8qf5UYWNcHyHe\/qLYOhjPv+73wFgm\/NQ9xAw+HPWJk6a+787AdoTyhWmWkYYwGplZQvyne3xd8TlaymfOL3kGwbDQN6p7B+VuJieqYvZhXWBwYuk3GjgcQ15a6NIYL4kMviWwqdKeGwxe+20EWBBJeSUAiPB01mEftaF+JQCyYRjqI49OmGKPNdZFNHvDJ1wbRuZb9fmNhM2UszF5Fds3I99p3c4lAPpv5Mdv\/34G3uEQ6ECuLEqFQm9dWwbzVXfhnuotvuNPS5zvX7D9CMYE6FLx\/JguS20EShZI5qELNPOb2Gxo9Ukg0wP6o9uEI\/QZ5WhPpoVMqYV0MxwsoIWJsuqkW51LGVdDu1cE9hCQR1ZX9mEznDh9\/PSKM5J27PVWnUmpMF0OMXWbFnGUTiUkt14118eqReZtxmXVEPK9C89tTw505sMtq4LMlvTvAMnirHYg9Q6z\/BqhHsZXYg\/NUNdyNPCCqKafx2GQngk\/hS89haID5VtPt7swOqv0643PI4Tn5KYlAIReWeOHSY8L\/LYwEMI8Jvti+nv\/n8QFL\/2VUkKpzE0C0fCD4axHKR8Cm6SjDcr45H+sIA6EWxhDoKgaxg=="}
00418{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":943054,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABTRQblQABy\/OaVxCABFAAAoMRFAAIAG8x7AqAplziE9cQ9\/AbtzVLizvsgHo1AQ9X3gCAAA"}
00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_tot_l4_data_len":1583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":871,"flow_avg_l4_data_len":226,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1421985541,"pkt_ts_usec":772794,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="}
00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test"}