1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1553619078033,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":33240,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"}
00441{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="}
00428{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"}
01125{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58827,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"BBjWMe9aeDHBvV4kCABFAAI5AABAAEAGNczAqAJ+aG\/XXesOAbssL+yCMZpGX4AYCAq5aAAAAQEICiSv2Y7Qt2rgFgMBAgABAAH8AwNIXs7ENgjZTiNTE9f7O6LZiEI6uIc1pNyGFGqcdf\/LQyBdW5a1Bj3nkJn1H8mNAZlpujswEx54IJ8raTCHYls3FgAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZGKigAAAAAAFgAUAAARd3d3LnJlcHViYmxpY2EuaXQAFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApSkoAAQAAHQAgHx3Qgw74Ok9EJ4ixjMksToTJ1f0PfjMmJ83bCaqtyGQALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00428{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":88544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kBBjWMe9aCABFAAA0ITlAADYGIJhob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOu5bwAAAQEICtC3av8kr9mO"}
02376{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":91883,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kBBjWMe9aCABFAAXcITpAADYGGu9ob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOuDIAAAAQEICtC3awAkr9mOFgMDAE4CAABKAwNVMtps0XtokkjC1gPE4\/KUJ6lo4L6JfLUX\/EQs\/RZj3ADAMAAAIv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMPfgsAD3oAD3cACuIwggreMIIJxqADAgECAhAHrG10aT6YsaH2msNNW\/HcMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MB4XDTE5MDMwNzAwMDAwMFoXDTIwMDUwNTEyMDAwMFowZDELMAkGA1UEBhMCSVQxDTALBgNVBAgTBFJvbWExDTALBgNVBAcTBFJvbWExHDAaBgNVBAoTE0dFREkgRGlnaXRhbCBTLnIubC4xGTAXBgNVBAMTEHd3dy5yZXBzdGF0aWMuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV+MoTBM9TK0OoJt5QuApA9tPXya0zX1a3Ag59txQIELvplH2CUI0yPk6MwlUfk\/QyB9VJwP5ynDZulBq+PhC6m+ahoGcKrSSR22gBsGAaQ6CStsVpuQYre1BQCuOkzyHA6qdEhCOwn3lpMMaU2v5rAArYgOlI6q9E0FALF73FSHRzTan9MjcennBUYmGDNqjkvspY0oO37dFO6zbNfZHlbVANbvbKGBll10AGMHR\/W\/+WpodtUD8TaFInXBFlfGdOAeUXAN1a90MpS6947KQDst1elD\/R\/MU5ndBWKX2i4xodj56emiB+7Oj67\/EMg7iyXoZGJS2MS8+LWOMXPgezAgMBAAGjggeQMIIHjDAfBgNVHSMEGDAWgBSQWP+wnHWoUVR3se3yo0MWOJ5sxTAdBgNVHQ4EFgQU55+91g3brgkpANCGNzfwge0PHBMwggUBBgNVHREEggT4MIIE9IIQd3d3LnJlcHN0YXRpYy5pdIIMcmVwc3RhdGljLml0ghVhbXAtdmlkZW8ubGFzdGFtcGEuaXSCEXd3dy5yZXB1YmJsaWNhLml0ghNhbXAtdmlkZW8uZGVlamF5Lml0ghlhbXAtdmlkZW8uZC5yZXB1YmJsaWNhLml0ghF3d3cuZ2VsZXN0YXRpYy5pdIIQb2FzanMua2F0YXdlYi5pdIIVdmlkZW8uZC5yZXB1YmJsaWNhLml0ghN3d3cudGVzdC5jYXBpdGFsLml0ghRuYXBvbGkucmVwdWJibGljYS5pdIIUdmlkZW8uaWxzZWNvbG94aXguaXSCFGdlbm92YS5yZXB1YmJsaWNhLml0ghFjZG4uZ2VsZXN0YXRpYy5pdIIQdmlkZW8uZ2Vsb2NhbC5pdIIPbWVkaWEuZGVlamF5Lml0ggxtZWRpYS5tMm8uaXSCIGFtcC12aWRlby5lc3ByZXNzby5yZXB1YmJsaWNhLml0ghNkb3dubG9hZC5nZWxvY2FsLml0ghBhbXAtdmlkZW8ubTJvLml0ghVib2xvZ25hLnJlcHViYmxpY2EuaXSCFHRvcmluby5yZXB1YmJsaWNhLml0ghJzY3JpcHRzLmthdGF3ZWIuaXSCFXBhbGVybW8ucmVwdWJibGljYS5pdIIScm9tYS5yZXB1YmJsaWNhLml0ghZ2aWRlby54bC5yZXB1YmJsaWNhLml0ghRhbXAtdmlkZW8uZ2Vsb2NhbC5pdIIcdmlkZW8uZXNwcmVzc28ucmVwdWJibGljYS5pdIIOd3d3LmNhcGl0YWwuaXSCFXZpZGVvLmxpbWVzb25saW5lLmNvbYIQbWVkaWEuY2FwaXRhbC5pdIIrc3luZGljYXRpb24tdm9kLXByby5ha2FtYWkubWVkaWEua2F0YXc="}
00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02378{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":92957,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kBBjWMe9aCABFAAXcITtAADYGGu5ob9ddwKgCfgG76w4xmkwHLC\/uh4AQAOt2FwAAAQEICtC3awAkr9mOZWIuaXSCD3Rlc3QuY2FwaXRhbC5pdIIPdmlkZW8uZGVlamF5Lml0ghN2aWRlby5yZXB1YmJsaWNhLml0ghRtaWxhbm8ucmVwdWJibGljYS5pdIIYdmlkZW8ubGFudW92YXNhcmRlZ25hLml0ggx2aWRlby5tMm8uaXSCE3Bhcm1hLnJlcHViYmxpY2EuaXSCDHZpZGVvLjNuei5pdIIrc3luZGljYXRpb24tdm9kLWhkcy5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIXYW1wLXZpZGVvLnJlcHViYmxpY2EuaXSCEXZpZGVvLmxhc3RhbXBhLml0ghp3ZWJmcmFnbWVudHMucmVwdWJibGljYS5pdIIaYW1wLXZpZGVvLnhsLnJlcHViYmxpY2EuaXSCGWFtcC12aWRlby5saW1lc29ubGluZS5jb22CEG1lZGlhLmthdGF3ZWIuaXSCEmJhcmkucmVwdWJibGljYS5pdIIrc3luZGljYXRpb24tdm9kLWhscy5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIQYW1wLXZpZGVvLjNuei5pdIIuc3luZGljYXRpb24zcmQtdm9kLXByby5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIVZmlyZW56ZS5yZXB1YmJsaWNhLml0ghhhbXAtdmlkZW8uaWxzZWNvbG94aXguaXSCHGFtcC12aWRlby5sYW51b3Zhc2FyZGVnbmEuaXSCEmNkbi5mbHYua2F0YXdlYi5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB1BggrBgEFBQcBAQRpMGcwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1c3QuY29tMD0GCCsGAQUFBzAChjFodHRwOi8vY2FjZXJ0cy5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWlYkSnQAAAEAwBHMEUCIEDvaleIrTBvK6FB\/OkCqlyXj09JkUG\/tby2JJZ\/t2VOAiEAqSEut\/LfPM4oFW7QXn9fPaZecEo0viGqwKjcSP9jXhYAdgCHdb\/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr\/XqCDDwAAAWlYkSsZAAAEAwBHMEUCIQC9+CIErtWpgJN+vZlgoV5iFQL45uxlhFYyw13NhM\/bTgIgER+dLYRsxVMNJXOk\/kmtHPID7P7h3ACnRH7kZ2OdOokwDQYJKoZIhvcNAQELBQADggEBACqaRawdxV9ZrfFCAyF9BSNjN9CTvrFe5o3HW1vIQ2WjItuB5mhb63OYja7a2FV5hBb4fCna6ppH8ld8iq1rVStXDO3OzLLmoK2FQ60tl3bG3vZWHDDav1yVb\/BrtJ4Rs\/P7DvkvOAg0uIFVGMUTi9dt6lVL0jdweZD33r3IsXeAyS19SovLEXcc2cwPU3fAzIhgZWoxHNTs4OqzLd8h7to7Rmz\/K5oKlZNlh95nTbuQNDhxEUcwP73aki5NZmKALZxFoVfqCjRGopkHvIomBt82WUpk87VAbBQuUbo3uaJO3Ag721FlAwGHyvWKD5A8Xl0C6zmMA288lm8EDMK+CmwABI8wggSLMIIDc6A="}
00429{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93048,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpRr4AQB+mm\/gAAAQEICiSv2bDQt2sA"}
02057{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93749,"pkt_caplen":1266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1266,"pkt_l4_len":1232,"pkt":"eDHBvV4kBBjWMe9aCABFAATkITxAADYGG+Vob9ddwKgCfgG76w4xmlGvLC\/uh4AYAOuRsAAAAQEICtC3awAkr9mOAwIBAgIQBUb+GCP34ZQdo5\/OFMRhczANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xNzExMDYxMjIzNDVaFw0yNzExMDYxMjIzNDVaMF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4rRY03hGOqHXegWPI9\/tr6HFzekDPgxP59FVEAh150Hm8oDI0q9m+2FAmM\/n4W57Cjv8oYi2\/hNVEHFtEJ\/zzMXAQ6CkFLTxzSkwaEB2jKgQK0fWeQz\/KDDlqxobNPomXOMJhB3y7c\/OTLo0lko7geG4gk7hfiqafapa59YrXLIW4dmrgjgdPstU0Nigz2PhUwRl9we\/FAwuIMIMl5cXMThdSBK66XWdS3cLX184ND+fHWhTkAChJrZDVouoKzzNYoq6tZaWmyOLKv23v14RyZ5eqoi6qnmcRID0\/i6U9J5nL1krPYbY7tNjzgC+PBXXcWqJVoMXcUw\/iBTGWzpwwIDAQABo4IBQDCCATwwHQYDVR0OBBYEFJBY\/7CcdahRVHex7fKjQxY4nmzFMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAw8YdVPYQI\/C5earp80s3VLOO+AtpdiXft9OlWwJLwKlUtRfccKj8QW\/Pp4b7h6QAlufejwQMb455OjpIbCZVS+awY\/R8pAYsXCnM09GcSVe4ivMswyoCZP\/vPEn\/LPRhHhdgUPk8MlD979RGoUWz7qGAwqJChi28uRds3thx+vRZZIbEyZ62No0tJPzsSGSz8nQ\/\/jP8BIwrzBAUH5WcBAbmvgWfrKcuv+PyGPqRcc4T55TlzrBnzAzZ3oClo9fTvO9PuiHMKrC6V6mgi0s2sa\/gbXlPCD9Z24XUMxJElwIVTDuKB0Q4YMMlnpN\/QChJ4B0AFsQ+DU0NCO+f78Xf7FgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIB"}
02318{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","issuerDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}
00430{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpWX4AQB+2iSgAAAQEICiSv2bDQt2sA"}
01497{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":95599,"pkt_caplen":855,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":855,"pkt_l4_len":821,"pkt":"eDHBvV4kBBjWMe9aCABFAANJIT1AADYGHX9ob9ddwKgCfgG76w4xmlZfLC\/uh4AYAOu8PwAAAQEICtC3awUkr9mOuTCCAbUwgZ6iFgQUkFj\/sJx1qFFUd7Ht8qNDFjiebMUYDzIwMTkwMzI1MTYyMDU4WjBzMHEwSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW+2sabjf17QQUkFj\/sJx1qFFUd7Ht8qNDFjiebMUCEAesbXRpPpixofaaw01b8dyAABgPMjAxOTAzMjUxNjIwNThaoBEYDzIwMTkwNDAxMTUzNTU4WjANBgkqhkiG9w0BAQsFAAOCAQEAavnXjy432rmpzc6dwVO6eKJOSNsqguQZpGcyF4sV\/HIVmlWjRLlk1UJGnicGN2gzBOLk7VHdBHmOIK6k3aSmwaIj9G7Rwrs4h0+NIUBuvGMhZ6v8fDXi9NQ4+Zqd8+pvQNfFG7QfgkJETLaQB0bMPhCGlX7cZQnOah6+EcZGpWKZdNWMU\/\/E+Z6jYNI3VsmF5i80jEZI\/nkmhyTOqZEYtl0+xuwDg2GQS6OM6jXyrMcbhWw0cXG9F26qsCjajcLPiYO1z2e19GcNvD+y7LMATl0PKRIbR5l6TApQ9yJ1iQI06E\/Es\/BZgbsIHNNqVql+10lJ7BNzYcuuKVWud4vOyBYDAwFNDAABSQMAF0EEVracG9qNXtYKOXpaPv6J3gztVK0h8GoSY61HTcpTySyg7c8GmQuNX8SPxY1832t0AO6sywYL8zVeu1N68qVIvwgEAQBA\/QKQh5wvjlJxr2oZyvJRI5BJWrkE1DR3Llm96FOhqhGkBYFtrVcVmLWgJ3uyhss65kYP+gkV\/Aj0pwa7VoTYL3WkKCQXZh5ofXN5yYn8uV7alzaejpV\/vM+NLTHqZznT9x1QXgdz82FQYTX93Hfn7qlDOCIMQIpFPiafvBNNrWDat5ZO2Fh051I5Aou4213PhHh1ufxgQ1DEvxRKyVcvWGLfYD3JzBEu5qVe9V7kLs2fbSsrLJg7g5wdAwjW0GNvKaTAW5pehcTaLK5xuKyloOW3bStd3y6qa6TkhTrJNS0E3KzkNuTrd+rvs9gAwbV\/o7bOJ9+0NiqTgWSnpbP6FgMDAAQOAAAA"}
00431{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":95640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpZdIAQB\/OfKAAAAQEICiSv2bLQt2sF"}
00605{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":96422,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"BBjWMe9aeDHBvV4kCABFAACyAABAAEAGN1PAqAJ+aG\/XXesOAbssL+6HMZpZdIAYCAB8QwAAAQEICiSv2bLQt2sFFgMDAEYQAABCQQRP4nTO7t1gsI+sncz3jLxPpGhLzyoJgYH\/Heat+NBgLeKqEhe7mj2inNwoJCD5LV\/qCPQv+KYPvBQWRUBtB06EFAMDAAEBFgMDACgAAAAAAAAAAA4cTqcj7y\/hvDbKtXE0ElrDaudKH2f2AXwmK1WfLrv\/"}
00563{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":104774,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"BBjWMe9aeDHBvV4kCABFAACRAABAAEAGN3TAqAJ+aG\/XXesOAbssL+8FMZpZdIAYCABWXQAAAQEICiSv2bvQt2sFFwMDAFgAAAAAAAAAAb\/x0RnZJwH8uWLyU9jchZrDqEEG9N2hXfwbnHQL0G\/XqSw4vJO5tvQIFj88Tjie\/WjLQdGBWvdE9B6uhvyryoJCQ\/EEkL8iR\/LrKxkDArPO"}
01566{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":105197,"pkt_caplen":902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":902,"pkt_l4_len":868,"pkt":"BBjWMe9aeDHBvV4kCABFAAN4AABAAEAGNI3AqAJ+aG\/XXesOAbssL+9iMZpZdIAYCACgXgAAAQEICiSv2bvQt2sFFwMDAz8AAAAAAAAAAuMmufqqvCfCAgI+Y8ziAqtHnha8l08vk42HEKw5f8DNApnAf8eKGbrx81Mau3Kmxm7mc51VsRf3eP8BKCREjqar62CkMs3353fhMkczdZrTQh04YZgdkMJnSYFA4IiBLU1ncL\/o7W5EdFOmDG80nxc+JX5TM5N8c\/68A8pL7d4\/SXNUhHxe6BYbqz1ca6V0ykfLrkBJfeIMsQX1HGuKEEVBqn4ldYw\/k4Hc7PjMH4SPmr5Eor\/tMJjXaJhp9Bo+WuiHzj+8r+qVGVESvVM5uAiGhFbV\/jTRSXhGemYw82ONxC+6sF137EptS2HXtf2+Q89WVpGM\/UqKRf0xutuxtqQgaj50Bo136z61I3zDp5DgRhPhbx7UmTMY6G3yG4D2C\/6ylHqdx8IwZxbf3txr1TnyZ6t6NEUGLPyRtff+UZinltNjRbDh0OeMHX6qgYfdh+mmJSxUItZc7CDFNjqeoSIK5duKt9Oh\/nL1tHm+ZqKSxfLuhJ3ohEAsQAES3V\/pC3OtgKA5W60oylVTTb5\/i4dxCH820+amYUnuY5nY93oDQifKZRf83pgimFeleqpIkko1q3+6G4oF64xQ2oU7TX41+jdTIt\/wMtO4bo85mmZKePkoS5Dq5W8LtVNMBzUhbMZHJjxK5vanJNtBQOT6Vgc1ts7Z3VUqKIHrbCkw+riLw5taZE7qi+G8+Kh54juPU9m63V5iVXtN6S60y+EkKeVI+nAxw+2qVfFHV7RAnrM8KkXjFxvnUdSPSEFVr\/YGrOy1R8ltnqncOwARaMuX+zBwS\/XV5N8iC8p4uJsKUWh0i9VWtZtQkThVs3QiX362SVnNNPocF0+IQy+zl+fhkUuQ4X5wfhipaWHAKjxCavdUYRgE7LBRhFBQ6y6aBJ+y61PNJdt4N7yU7gydERP1C0+C\/xTDZztQVRZNmNyfILw2mQVuoP8ICAbsjc7MhFI6qu+kcMxy2+L32f+JInMGFsDu\/mOves3MgjcTzzjivlqZ1EBBgY2vFvckrPKwnJNGye6e1H8jhmGRGsrq6Dc5YlcV0qstUWKAnYlX5noGh9TZ0AY7xXAldx5TQ40IiedW1b41+pyOgjQ="}
00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 182/182
~~ skipped flows.............: 0
~~ total layer4 data length..: 111413 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4866199 bytes
~~ total memory freed........: 4866199 bytes
~~ total allocations/frees...: 58602/58602
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|