1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
00492{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578254908457,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":457751,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
00451{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":469342,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
00440{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":469463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"}
01138{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":475203,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00439{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":487025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"}
02276{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490162,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkFAADYGfUyXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADhELwAAAQEICnKdu4cBv7cXFgMDAGwCAABoAwNlGU2AqRgtupr99CpElXpAX0W4mJRx0pamW+kBQCXRGiDAUaIPvzZxFDiZxCRHWTbQLdyz05DKtbn9EBVW9WPsz8AvAAAg\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMUYQsAFF0AFFoAD8Uwgg\/BMIIOqaADAgECAgxmMNWPLPIdEd8O15QwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0xOTExMTkwMTMxMjJaFw0yMDA4MjkxNzE5MzJaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxGYXN0bHksIEluYy4xJDAiBgNVBAMMG3AyLnNoYXJlZC5nbG9iYWwuZmFzdGx5Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRn796CdKVNRaMO7f7VjfBoTnQrrAIXQyviFPuHVSEpART5JsFX\/FX2lg8AwXVM4jiLWrMNjxMeVkCBdAEsAIVPOLEW9qlmwEc+rbG7tej27SxcKaGyT5vtOiIf43vcHFRWC2SipuJzozDUKG62hG1Q5ILStfGEiuA41wI7qHkzLWhf\/HuUhCAVBHoRupDjsGZeZG1DDJBzwDL+7KpMfIOTSzNdvCWX5\/PNjIze9T+qETtgANuqALC19HeMl+0tmA6N9R9774Rm6Qj5cunUUrWzjDF6EL3rAGA04Ia\/0HZ1c4dfJlMcsBCkf5ue0BP2OEBnpeuvJdomQzLLtjFwo9kCAwEAAaOCDGswggxnMA4GA1UdDwEB\/wQEAwIFoDCBigYIKwYBBQUHAQEEfjB8MEIGCCsGAQUFBzAChjZodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9jbG91ZHNzbHNoYTJnMy5jcnQwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9jbG91ZHNzbHNoYTJnMzBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADCCCf0GA1UdEQSCCfQwggnwghtwMi5zaGFyZWQuZ2xvYmFsLmZhc3RseS5uZXSCCyouMTJ3YnQuY29tghUqLjJibGVhY2hlcnJlcG9ydC5jb22CFSouM2JsZWFjaGVycmVwb3J0LmNvbYIVKi40YmxlYWNoZXJyZXBvcnQuY29tghUqLjhibGVhY2hlcnJlcG9ydC5jb22CCiouYWJ1c2UuY2iCGSouYWNkbi1pdC5wcy1wYW50aGVvbi5jb22CEyouY2RuLmxpdmluZ21hcC5jb22CFSouY29udGVudC5wbGFzdGlxLmNvbYIPKi5kaW1lbnNpb25zLmFpghcqLmRvbGxhcnNoYXZlY2x1Yi5jby51a4IVKi5kb2xsYXJzaGF2ZWNsdWIuY29tghEqLmRvbnRwYXlmdWxsLmNvbYIPKi5lYmlzdWJvb2suY29tghQqLmZvcmVpZ25hZmZhaXJzLmNvbYIPKi5mcy5qaWJqYWIuY29tghMqLmZzLnVuaXRwcmludHMuY29tggwq"}
00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02269{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490366,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkJAADYGfUuXZUIxwKgBoAG71hTYdqMfq+PiSoAQADh9xwAAAQEICnKdu4cBv7cXLmdnbGVhcC5jb22CDiouZ29vZGVnZ3MuY29tghIqLmh1ZXZvc2J1ZW5vcy5jb22CFCouaW5keS5teW9tbmlnb24uY29tggwqLmp3YXRjaC5vcmeCGioua2luZ3Nmb3JkY2hhcmNvYWwuY29tLmF1ghAqLmxhbmNlbnRlcnMuY29tgg4qLm1hZGVieXdlLmNvbYIQKi5taW5pcm9kaW5pLmNvbYIOKi5tb2RjbG90aC5uZXSCDioub3Jpb25sYWJzLmlvghEqLnBzLXBhbnRoZW9uLmNvbYIMKi5zY29kbGUuY29tghEqLnN0ZWVsc2VyaWVzLmNvbYIQKi50aGVmb3JlbWFuLm9yZ4IWKi51cGxvYWRzLmV2ZXJzaWduLmNvbYIUKi51cGxvYWRzLnNjaG9veC5jb22CCSoudnRzLmNvbYIWKi54LnN0ZzEuZWJpc3Vib29rLmNvbYIOKi55YW5nMjAyMC5jb22CCTEyd2J0LmNvbYITMmJsZWFjaGVycmVwb3J0LmNvbYITM2JsZWFjaGVycmVwb3J0LmNvbYITNGJsZWFjaGVycmVwb3J0LmNvbYITOGJsZWFjaGVycmVwb3J0LmNvbYIIYWJ1c2UuY2iCCWJyaXRhLmNvbYINY2RuLmZ3dXBkLm9yZ4IRY2RuLmxpdmluZ21hcC5jb22CDmNkbi5zZWF0ZWQuY29tghRjZG4uc2tpbGxhY2FkZW15LmNvbYITY2xpbmljYWxvcHRpb25zLmNvbYIKY2xvcm94LmNvbYImY29udGVudC1wcmVwcm9kLmJlYXZlcmJyb29rc3dlYjIuY28udWuCGmNvbnRlbnQuYmVhdmVyYnJvb2tzLmNvLnVrghNjb250ZW50LnBsYXN0aXEuY29tghFjb29sbWF0aGdhbWVzLmNvbYIeY29wdGVycm95YWxlLmNvb2xtYXRoZ2FtZXMuY29tghhkOC1kZXYuY29vbG1hdGhnYW1lcy5jb22CGWRlZmx5aW8uY29vbG1hdGhnYW1lcy5jb22CGWRlbGl2ZXJ5LWFwaS5ldmFkYWNtcy5jb22CDWRpbWVuc2lvbnMuYWmCFWRvbGxhcnNoYXZlY2x1Yi5jby51a4ITZG9sbGFyc2hhdmVjbHViLmNvbYIPZG9udHBheWZ1bGwuY29tgg5lbHVuaXZlcnNvLmNvbYISZW1haWwuYW1nLWdyb3VwLmNvghdlbWFpbC50ZWtvZm9ybGlmZS5jby51a4INZmVlZG1hcmtldC5mcoINZnJlc2hzdGVwLmNvbYIKZ2dsZWFwLmNvbYIMZ29vZGVnZ3MuY29tggdoZWFwLmlvghBodWV2b3NidWVub3MuY29tghxpZGVudGl0eS5saW51eGZvdW5kYXRpb24ub3Jnggxqb2ViaWRlbi5jb22CCmp3YXRjaC5vcmeCD2tpbmdzZm9yZC5jby5ueoIYa2luZ3Nmb3JkY2hhcmNvYWwuY29tLmF1gg5sYW5jZW50ZXJzLmNvbYIZbGlzdHMubGludXhmb3VuZGF0aW9uLm9yZ4IZbS1zdGFnZS5jb29sbWF0aGdhbWVzLmNvbYITbS5jb29sbWF0aGdhbWVzLmNvbYIMbWFkZWJ5d2UuY29tgg5taW5pcm9kaW5pLmNvbYIMbW9kY2xvdGgubmV0ggxvcmlvbmxhYnMuaW+CFnB1cml0YW5tZWRwcm9kdWN0cy5jb22CC3Jldmlld3Mub3Jngh5yZy12aWRlby1zdGFnaW5nLnJ1YW5nZ3VydS5jb22CFnJnLXZpZGVvLnJ1YW5nZ3VydS5jb22CDXJ1"}
00440{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490412,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Haod4AQD9X9EgAAAQEICgG\/tyVynbuH"}
02279{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490433,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkNAADYGfUqXZUIxwKgBoAG71hTYdqh3q+PiSoAQADi2agAAAQEICnKdu4cBv7cXYW5nZ3VydS5jb22CCnNjb2RsZS5jb22CF3N0YWdlLmNvb2xtYXRoZ2FtZXMuY29tghRzdGFnaW5nLmFwcGJsYWRlLmNvbYIPc3RlZWxzZXJpZXMuY29tghtzdGcucGxhdGZvcm0uZWx1bml2ZXJzby5jb22CDnRlc3QuYnJpdGEuY29tggx0ZXN0LmhlYXAuaW+CEXRlc3Quam9lYmlkZW4uY29tghJ0ZXN0LnJ1YW5nZ3VydS5jb22CDnRoZWZvcmVtYW4ub3JnghV2aWRlby1jZG4ucXVpcHBlci5jb22CF3ZpZGVvcy5jYWxjd29ya3Nob3AuY29tggd2dHMuY29tghJ3d3cuMTAxbmV0d29yay5jb22CEHd3dy5hdXRvczEwMS5jb22CDXd3dy5icml0YS5jb22CDnd3dy5jbG9yb3guY29tghB3d3cuY29sbGlkZXIuY29tghV3d3cuY29vbG1hdGhnYW1lcy5jb22CEnd3dy5lbHVuaXZlcnNvLmNvbYIOd3d3LmZsaW50by5jb22CEXd3dy5mcmVzaHN0ZXAuY29tggt3d3cuaGVhcC5pb4IRd3d3LmhvbGFnZW50ZS5jb22CE3d3dy5pY3N5ZG5leS5jb20uYXWCEHd3dy5qb2ViaWRlbi5jb22CE3d3dy5raW5nc2ZvcmQuY28ubnqCD3d3dy5tcm5hdHR5LmNvbYIbd3d3Lm15amV3ZWxsZXJ5c3RvcnkuY29tLmF1ggx3d3cubXlqcy5jb22CD3d3dy5uZXRhY2VhLmNvbYIUd3d3LnBhcmVudGluZzEwMS5jb22CGnd3dy5wdXJpdGFubWVkcHJvZHVjdHMuY29tgg93d3cucmV2aWV3cy5vcmeCCnd3dy5zYmEuc2GCEXd3dy5zaGFzaGF0Y29tLnNhghp3d3cudWF0Lm9udGFyaW9jb2xsZWdlcy5jYYITd3d3LnZhY2F0aW9uMTAxLmNvbYIXd3d3LndhbHRlcnNwZW9wbGUuY28udWuCHXd3dy53ZXN0d2F5ZWxlY3RyaWNzdXBwbHkuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSpK4fhziRHOxu\/z4U3AlWdDZRY5jAdBgNVHQ4EFgQU2CO0eMPJq2CeqVZCIeX1YrVvvTkwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgCHdb\/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr\/XqCDDwAAAW6BSSgiAAAEAwBHMEUCIG6nkvzIZDj5rhbdbal5n1pBtt3rnqxh+6TcEjEtD\/irAiEAoAKCiwufsd4qr\/cWCTskhlcs6m2522hByYB17xG5Yd0AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW6BSSiwAAAEAwBGMEQCIBp3yFYvVThVDRFyxmwn4rNl38YJZzQmmVby6O172\/IQAiBWgmeRoaRi+QWXUFo2BdkM0pNYnLsKD4IXGsbS+aGODTANBgkqhkiG9w0BAQsFAAOCAQEAPVKJBSV6XJU\/A7sY94vAIqukZFKVmxLSr7+0gP1WUidgzTJDIJIE3YtPsNMHJQ8JnqGGOWmt52V\/utr7Khnkpe5FsIFqX6\/DqaNlhbtwQtP62lXW6GDkYEOD\/PmwzBByXfKcpwXu3A2+GCdGYkqnaCFqbEIFqjcIIeBnbZkbw+9m+iSSLwhMso2hCQMOEFJdZDzZi2N1V89HQfEwNxfmEjfjTifXwhtTqk7bMAc3hG6CB4OCLvwktKKz73u4hK0zUO4z"}
00442{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Hatz4AQEAD3jwAAAQEICgG\/tyVynbuH"}
02286{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490567,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkRAADYGfUmXZUIxwKgBoAG71hTYdq3Pq+PiSoAQADha5wAAAQEICnKdu4cBv7cXbR\/LX8nVOu2fvuHvWFyjyBSf2+8VLzx\/QeXyjMJokT1EA2WFxc4WCWKwGvR+\/BLYJMtHu4C10XjRAu40GwAEjzCCBIswggNzoAMCAQICDkbwjNvPLFRm7zMB3V80MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTUwODE5MDAwMDAwWhcNMjUwODE5MDAwMDAwWjBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEtMCsGA1UEAxMkR2xvYmFsU2lnbiBDbG91ZFNTTCBDQSAtIFNIQTI1NiAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8B14TKY5dmuhHyN6CNfRpVbTKIlcNeQBIWAybX0imVNksulxEKgtnklMe3xhSDNE1E9Z6yXTWibM4Zcs3stqt93oGHR9Tz7mvzT1ZTKyR6AG5CQyKyN9mAXnDG4xWGi4m5XJQhvJJmZz5S\/x4trsB\/KFPoYm2wQfJkr2kpj5bJOwv0+EAtI9HcLL\/CWSzruvTXehY3aEw7OAcRx09N3xQimYDklpydpXIPRb3Z47sVEW0W9KTvixgkPor4r3ONc2lpvjufJB2t+ocBTlYKJ4Hhccqhsvmdrq+cz2Yfy+Fwn9PYqO4fv2sJH2r+s6ydke0xT6zThL5sgTVQSa30ovQIDAQABo4IBUzCCAU8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSpK4fhziRHOxu\/z4U3AlWdDZRY5jAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo\/\/z9SzA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMFYGA1UdIARPME0wCwYJKwYBBAGgMgEUMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAoh1pigqOxBSDKioSTTknkE7wjazSlmJHNl6S0frFk7U3B2Up0vRTUGvJ9P409d24Hfr83BSsVpQnnEKqBE237VjZmdJJ5iAv06d3uCqJGu+nz4Yt1lPpC5OcTqvZRe6khIX\/NOQOwLulzl+ViYVwqsFd7M8r09mD3wPKgacCMrd3YRAlTtl089l5grUmcLRSvI8z14quGdD8kq0vujygSFhHXv0gVpUgwXIdq2aZpNV4N0gbn7JMN2d6\/ULS01ae0x2OxAxolrZHURD3e+sVCWT1+fBjFi093yNCOpNjzKuvT1cGx\/4UVWLOJxEZ4fRC7SIwazUaSgWApGXfzMtv0BYDAwFNDAABSQMAF0EEawxlsOPuC\/v6LcxjIYDdYK5Ef1pmh3pllnUlqZjGwLrqzaj1eiuLrGdt9kwOYB9ci5Qe9SBpSUxu4l57XQQp5AYBAQBe9Buretkf0+bEQtIAAIujrnbbG4g5USUjrun5rI4edUoHW0hniFtzIhgRMhGPoRKcRb0c10lv"}
03488{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}
00725{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490569,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEGJkVAADYGgc6XZUIxwKgBoAG71hTYdrMnq+PiSoAYADjE1QAAAQEICnKdu4cBv7cXzCLA0sJGrzYrkqYeX95fkjAkc1mPtjny9HtgPu1dnBHxIjyZwb3WbSh7xFHdjlJ9LayiCXU+dx64OQO5nS+WLY+1ZElqQk+i9g\/kMcB6yWny8XU2DsJ6luMRen3nv70cCttR1003kBzJKrSDFZmNLiiRMt8ct0QCIqjrBaLKDe9G6enBlLYoyT7wBnHEp28KoHWQu8rl3NwKln2FI3jNRS+GQYNDQGCzFiamKet1KePK0jikPpVZk2uHAbOSr+Z0aJx3kQ31imBNFgMDAAQOAAAA"}
00442{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490605,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Haz+YAQD87xlwAAAQEICgG\/tyVynbuH"}
00615{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":501216,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGnmfAqAGgl2VCMdYUAbur4+JK2Haz+YAYEAAKWAAAAQEICgG\/ty9ynbuHFgMDAEYQAABCQQTH5tGUopjSjWc3V5g8OPm4JB2tlghwqc4c7itepwfZrwFWixAP48WmSW\/oHUg0\/tDllM9KvSI4LF83FbIwkaj5FAMDAAEBFgMDACgAAAAAAAAAAGH0xPBqc1LQH3P3k4+rU181NnTrTx84D0HwPLdrBsFz"}
00513{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":512283,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnJkZAADYGgmyXZUIxwKgBoAG71hTYdrP5q+PiyIAYADhRZgAAAQEICnKdu40Bv7cvFAMDAAEBFgMDACj8bciWxFxco8nBV+vz6uJapqJf1ww4lYVxVlyDlR2X\/\/a25cyE9xS0"}
00521{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00144{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test"}
|