Bug #5451
» eve.json
eve.json from input.pcap -
Kyle Griffin
, 07/22/2022 03:41 PM
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
1499275748783774
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
1653746406398798
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1653746406398798
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2117697350145716
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
442045926121584
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
20806268819808
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
306771636167172
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
321823346727195
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
894791313694972
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1194816254147505
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2182772548867306
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
919090091172162
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
644246542227131
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
223608182085808
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1499275748783774
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1789134507641469
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1513809917682112
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
680253402292614
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
822433998211441
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
134324402616570
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1121496867460567
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1827185761655252
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:28.364757-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1835266756713294
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1977597664433844
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1696618758616734
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1990351577975421
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
164176572127408
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
305893315354876
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
590207265438641
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1864341526061446
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
461446291658427
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
884878529175874
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
75513417094615
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1486974959687963
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1487647122749690
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1773004751544432
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2076225146227057
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1110606977864938
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1534900354589120
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
132151150813700
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2244920723315156
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2246896408271200
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:29.278662-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2114237753988795
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1712392025593303
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1860171112807345
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2003401827359072
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
739145993855088
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1162689899214494
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
44379210914638
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
889983097807364
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
616692181278972
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
906046275491050
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2047049434833286
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1066985142526400
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
511366696539828
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
519625918061012
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2072271628831089
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
528434895984923
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
954439825918589
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1660004161986882
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
830519273945338
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2239618586187952
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:30.089784-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1269967444419076
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1281465069541844
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
440362298932145
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1290246138923645
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
447537041809730
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
877778948232426
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
881899969356224
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
466954588968407
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1037699908018288
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2025787197585658
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
625754574035790
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
356432193787579
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
361760100128944
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
368406562608820
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1942531405684988
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1670163907557022
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1811090372594033
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
407580961055110
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1403504417773920
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1122589934295323
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:30.823164-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
710030410555644
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
854573239935492
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1986335774808532
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1286848813375878
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1569762604130416
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
318554878943554
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2174131073022202
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
345065562838715
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
626920645884849
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1052210452699488
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1621817614174845
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1065913548186048
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
364936229033652
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1920073033456462
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1780600401204458
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
232928261118128
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2210251750061726
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
523280935229723
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
548331332864369
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1535097923098071
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:32.589469-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1975237581643888
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
156789230703850
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
160375526951281
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1149467839633584
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
308019322427060
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1859518275459540
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
171484459570875
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1720758619543904
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1724987017175292
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1173663540655774
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
330881435083200
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1204855746628221
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
83538563473730
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
230046338062619
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1216123586912772
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
518257973296049
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
669662011291898
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1381993088162638
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2240426042381783
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
280484288831878
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:33.530084-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
291812265065393
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1844249669050620
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
863023588090178
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2131988855576023
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
585347507624112
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1580998236248532
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1172493161636356
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
892510686060992
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1328707562903220
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
353462223902395
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1763070503951182
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1780413567801696
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
660429980737648
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1375801887459965
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1943416166619419
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
258038789739754
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
120093028682097
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1668229022710010
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1108824566871710
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
270129122681222
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:34.292102-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
0
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
0
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
209254404142750
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
425089406999374
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
425089406999374
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
146936573990587
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
294649089234612
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
859836720908657
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
733126597190080
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1579406953193988
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
878154755545556
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1462680477178032
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2029515237263997
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1469361298807136
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2174081682547010
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
209254404142750
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
642451247636732
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
86854278226032
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1216003325499675
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1675893391849722
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
132065251467654
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1681137548557233
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
979913270531306
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1123249214117335
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:35.020863-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
1
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
0
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
0
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
142233586554327
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
286383424673467
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
430176782350586
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
574653039057364
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1139177097992544
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
457709671847146
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
187968552209021
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1034854492184828
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
765686744260720
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2032944762233348
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2195567254997361
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
797057185822366
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
388773299256241
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2220737924045646
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1661065016580272
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2224380042221851
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
694577116485300
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
413540228178368
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
133615734661510
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
415992654504258
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:35.869526-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
240334934980254
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
1980013597039438
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1980013597039438
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
562992205177348
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1691694576531706
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2115060239636948
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
852844515598448
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1568480556389610
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
312383010939202
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1157812961089888
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2146407060775302
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
886551418937596
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2157142329202971
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
758990896663165
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1899558108665531
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2065429745928561
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2068893638514135
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
240334934980254
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1651850164836020
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1951604524097984
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1109372172441776
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1954611001195441
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T14:41:36.760608-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
1
,
"flows_checked"
:
1
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
201018804352670
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
1682526982249294
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1682526982249294
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1131854179342004
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1276332584212155
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1143908006797702
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
722455757359741
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
28165697609840
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
874443904481530
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
317189077014704
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1450731880489408
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1748452568668443
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
201018804352670
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
351276087301591
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1485942022381890
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1770468573356284
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1074284439446020
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1362410170685792
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
528029021575636
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1374710959340465
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
123559067289969
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1968651249292522
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:54.076599-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
1
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1553048738911703
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
993569125468797
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1418422986676576
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1566176304699060
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1570494896486046
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
170075712037380
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1015439090194900
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2160711449354352
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1742282848827642
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
197015894398186
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1190089642647942
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
908938947730254
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
784481521148352
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2194860732877169
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1635570090711216
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1361151747596610
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1510885043214011
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1525172251334939
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1122557724369148
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1967478723214257
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:55.162747-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
899354716878494
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
345830080518990
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
345830080518990
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1978849649140034
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
713827161645446
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
10912813982212
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
157916657293595
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
611480236136800
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
191071657334960
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
899354716878494
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1463584570112945
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
917644832937652
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2072520738382076
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1519371898681594
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
112417921243604
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1942121236305130
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
400172142482903
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1809305815130224
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1953341844785789
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1958038383659377
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1403077069117115
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
842235946377664
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:56.156734-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1413808053062269
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
295347023159686
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1020715459843306
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1592959721048433
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2157333455247712
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1205371136287236
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
784019812177367
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1633607293417118
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2196877219142100
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
651494301278320
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2060445436090036
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
940895637805232
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2209364838883776
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
240021413698382
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1930853389607164
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
529291742640378
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1526675492207537
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
126756671889730
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1395273113540283
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1122912056842523
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:57.294722-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
0
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
0
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
441455365789872
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1708925987403422
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2131739747459588
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1289483773483291
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
28550103599741
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
874302172199857
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1017264451295584
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1298844654705108
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2152690597929212
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1325009597800770
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
626304318087616
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1065941463824634
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
647787742762683
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1492339376182743
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
929400160166278
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
92025418850416
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
373704406504682
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1371373781523278
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1097653355055473
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1948774138910388
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:58.385790-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9800
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
0
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
284865155487191
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
570809046087326
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
609038547228955
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
613546117734916
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1177602025225137
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
338620972567165
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1886982446159082
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
480586813503738
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
67443173531760
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2057969389183424
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2061914314905275
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
517478436741442
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1785634100549808
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1082784177985204
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
379126802719110
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2071202181974385
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1940403247061460
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
967971111639392
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1262157046391036
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
136763957451598
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:42:59.332584-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
0
,
"flows_evicted_pkt_inject"
:
0
,
"flows_evicted"
:
0
,
"flows_injected"
:
0
},
"end"
:{
"state"
:{
"new"
:
20
,
"established"
:
0
,
"closed"
:
0
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
0
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
0
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
0
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
0
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
20
,
"queue_avg"
:
1
,
"queue_max"
:
20
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
0
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
2232
,
"no_flow"
:
0
,
"syn"
:
0
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}
{
"timestamp"
:
"2022-06-15T18:00:13.126374-0400"
,
"flow_id"
:
100031238321822
,
"pcap_cnt"
:
2731
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"subject"
:
"CN=*.ghostery.net"
,
"issuerdn"
:
"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon"
,
"serial"
:
"03:9F:1E:C7:EC:8A:57:A7:3A:EA:95:2C:1E:DE:BD:29"
,
"fingerprint"
:
"42:71:54:46:11:24:d1:dc:c1:80:cc:fc:2c:06:f9:3c:64:62:ef:ef"
,
"sni"
:
"collector-hpn.ghostery.net"
,
"version"
:
"TLS 1.2"
,
"notbefore"
:
"2022-05-27T00:00:00"
,
"notafter"
:
"2023-06-25T23:59:59"
}}
{
"timestamp"
:
"2022-06-15T18:03:06.132112-0400"
,
"flow_id"
:
488998520363854
,
"pcap_cnt"
:
7325
,
"event_type"
:
"tls"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"pkt_src"
:
"wire/pcap"
,
"tls"
:{
"sni"
:
"az764295.vo.msecnd.net"
,
"version"
:
"TLS 1.3"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
488998520363854
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
36208
,
"dest_ip"
:
"152.199.4.33"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
16
,
"pkts_toclient"
:
19
,
"bytes_toserver"
:
2659
,
"bytes_toclient"
:
9594
,
"start"
:
"2022-06-15T18:03:06.072526-0400"
,
"end"
:
"2022-06-15T18:04:39.405169-0400"
,
"age"
:
93
,
"state"
:
"established"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1a"
,
"tcp_flags_ts"
:
"1a"
,
"tcp_flags_tc"
:
"1a"
,
"syn"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"established"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1989030867667313
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
48618
,
"dest_ip"
:
"172.217.4.67"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
6
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
324
,
"bytes_toclient"
:
487
,
"start"
:
"2022-06-15T17:59:44.493937-0400"
,
"end"
:
"2022-06-15T18:02:12.935577-0400"
,
"age"
:
148
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1437260713236763
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59630
,
"dest_ip"
:
"54.197.152.243"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
293
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989467-0400"
,
"end"
:
"2022-06-15T17:59:32.036182-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2152016288077271
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
52980
,
"dest_ip"
:
"185.199.109.133"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
266
,
"pkts_toclient"
:
518
,
"bytes_toserver"
:
20524
,
"bytes_toclient"
:
628102
,
"start"
:
"2022-06-15T18:00:06.644567-0400"
,
"end"
:
"2022-06-15T18:04:20.973001-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
748206225626804
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
39344
,
"dest_ip"
:
"142.251.32.110"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399028-0400"
,
"end"
:
"2022-06-15T18:04:10.733394-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1180174708316512
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
43586
,
"dest_ip"
:
"34.117.237.239"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989536-0400"
,
"end"
:
"2022-06-15T17:59:32.036275-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2165968489324796
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47912
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631036-0400"
,
"end"
:
"2022-06-15T18:00:06.747316-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1603211807103444
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47308
,
"dest_ip"
:
"34.120.237.76"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989652-0400"
,
"end"
:
"2022-06-15T17:59:32.035675-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1183524783487226
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44962
,
"dest_ip"
:
"104.16.249.249"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
12
,
"pkts_toclient"
:
12
,
"bytes_toserver"
:
882
,
"bytes_toclient"
:
918
,
"start"
:
"2022-06-15T17:59:41.948474-0400"
,
"end"
:
"2022-06-15T18:04:36.996684-0400"
,
"age"
:
295
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
2040789519989681
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47924
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
880
,
"pkts_toclient"
:
3173
,
"bytes_toserver"
:
56902
,
"bytes_toclient"
:
4376329
,
"start"
:
"2022-06-15T18:00:06.818097-0400"
,
"end"
:
"2022-06-15T18:04:51.693158-0400"
,
"age"
:
285
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1207104153851579
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
59284
,
"dest_ip"
:
"142.250.65.234"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
7
,
"pkts_toclient"
:
7
,
"bytes_toserver"
:
378
,
"bytes_toclient"
:
420
,
"start"
:
"2022-06-15T17:59:40.399035-0400"
,
"end"
:
"2022-06-15T18:04:10.733378-0400"
,
"age"
:
270
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
363186031600006
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47916
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631174-0400"
,
"end"
:
"2022-06-15T18:00:06.793338-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1640487828265136
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
44338
,
"dest_ip"
:
"34.120.5.221"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
4
,
"pkts_toclient"
:
4
,
"bytes_toserver"
:
279
,
"bytes_toclient"
:
240
,
"start"
:
"2022-06-15T17:59:31.989360-0400"
,
"end"
:
"2022-06-15T17:59:32.036138-0400"
,
"age"
:
1
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
656768521114858
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
46228
,
"dest_ip"
:
"140.82.112.4"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
545
,
"pkts_toclient"
:
771
,
"bytes_toserver"
:
52113
,
"bytes_toclient"
:
848588
,
"start"
:
"2022-06-15T18:00:06.496874-0400"
,
"end"
:
"2022-06-15T18:04:20.972951-0400"
,
"age"
:
254
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
659188735189314
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47914
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631106-0400"
,
"end"
:
"2022-06-15T18:00:06.747382-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
381169059668080
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47910
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.630896-0400"
,
"end"
:
"2022-06-15T18:00:06.747222-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
100031238321822
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
42620
,
"dest_ip"
:
"107.21.71.206"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"app_proto"
:
"tls"
,
"flow"
:{
"pkts_toserver"
:
71
,
"pkts_toclient"
:
82
,
"bytes_toserver"
:
23594
,
"bytes_toclient"
:
12060
,
"start"
:
"2022-06-15T18:00:13.079518-0400"
,
"end"
:
"2022-06-15T18:03:21.483997-0400"
,
"age"
:
188
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1366967139732093
,
"event_type"
:
"flow"
,
"src_ip"
:
"34.208.34.131"
,
"src_port"
:
443
,
"dest_ip"
:
"192.168.78.128"
,
"dest_port"
:
47912
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
2
,
"pkts_toclient"
:
1
,
"bytes_toserver"
:
145
,
"bytes_toclient"
:
89
,
"start"
:
"2022-06-15T18:01:44.625277-0400"
,
"end"
:
"2022-06-15T18:01:44.625867-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
1791099448762884
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47920
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
375
,
"pkts_toclient"
:
857
,
"bytes_toserver"
:
28074
,
"bytes_toclient"
:
1112359
,
"start"
:
"2022-06-15T18:00:06.631300-0400"
,
"end"
:
"2022-06-15T18:04:43.501208-0400"
,
"age"
:
277
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-06-15T17:59:31.989360-0400"
,
"flow_id"
:
978053549695424
,
"event_type"
:
"flow"
,
"src_ip"
:
"192.168.78.128"
,
"src_port"
:
47918
,
"dest_ip"
:
"185.199.108.154"
,
"dest_port"
:
443
,
"proto"
:
"TCP"
,
"flow"
:{
"pkts_toserver"
:
9
,
"pkts_toclient"
:
8
,
"bytes_toserver"
:
1087
,
"bytes_toclient"
:
4682
,
"start"
:
"2022-06-15T18:00:06.631232-0400"
,
"end"
:
"2022-06-15T18:00:06.745895-0400"
,
"age"
:
0
,
"state"
:
"new"
,
"reason"
:
"shutdown"
,
"alerted"
:
false
},
"tcp"
:{
"tcp_flags"
:
"00"
,
"tcp_flags_ts"
:
"00"
,
"tcp_flags_tc"
:
"00"
}}
{
"timestamp"
:
"2022-07-21T16:43:00.360326-0400"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
7758
,
"bytes"
:
7206274
,
"invalid"
:
0
,
"ipv4"
:
7758
,
"ipv6"
:
0
,
"ethernet"
:
7758
,
"chdlc"
:
0
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
7758
,
"udp"
:
0
,
"sctp"
:
0
,
"esp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"geneve"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"vxlan"
:
0
,
"vntag"
:
0
,
"ieee8021ah"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
928
,
"max_pkt_size"
:
1514
,
"max_mac_addrs_src"
:
0
,
"max_mac_addrs_dst"
:
0
,
"erspan"
:
0
,
"nsh"
:
0
,
"event"
:{
"ipv4"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"iplen_smaller_than_hlen"
:
0
,
"trunc_pkt"
:
0
,
"opt_invalid"
:
0
,
"opt_invalid_len"
:
0
,
"opt_malformed"
:
0
,
"opt_pad_required"
:
0
,
"opt_eol_required"
:
0
,
"opt_duplicate"
:
0
,
"opt_unknown"
:
0
,
"wrong_ip_version"
:
0
,
"icmpv6"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_ignored"
:
0
},
"icmpv4"
:{
"pkt_too_small"
:
0
,
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"ipv4_trunc_pkt"
:
0
,
"ipv4_unknown_ver"
:
0
},
"icmpv6"
:{
"unknown_type"
:
0
,
"unknown_code"
:
0
,
"pkt_too_small"
:
0
,
"ipv6_unknown_version"
:
0
,
"ipv6_trunc_pkt"
:
0
,
"mld_message_with_invalid_hl"
:
0
,
"unassigned_type"
:
0
,
"experimentation_type"
:
0
},
"ipv6"
:{
"pkt_too_small"
:
0
,
"trunc_pkt"
:
0
,
"trunc_exthdr"
:
0
,
"exthdr_dupl_fh"
:
0
,
"exthdr_useless_fh"
:
0
,
"exthdr_dupl_rh"
:
0
,
"exthdr_dupl_hh"
:
0
,
"exthdr_dupl_dh"
:
0
,
"exthdr_dupl_ah"
:
0
,
"exthdr_dupl_eh"
:
0
,
"exthdr_invalid_optlen"
:
0
,
"wrong_ip_version"
:
0
,
"exthdr_ah_res_not_null"
:
0
,
"hopopts_unknown_opt"
:
0
,
"hopopts_only_padding"
:
0
,
"dstopts_unknown_opt"
:
0
,
"dstopts_only_padding"
:
0
,
"rh_type_0"
:
0
,
"zero_len_padn"
:
0
,
"fh_non_zero_reserved_field"
:
0
,
"data_after_none_header"
:
0
,
"unknown_next_header"
:
0
,
"icmpv4"
:
0
,
"frag_pkt_too_large"
:
0
,
"frag_overlap"
:
0
,
"frag_invalid_length"
:
0
,
"frag_ignored"
:
0
,
"ipv4_in_ipv6_too_small"
:
0
,
"ipv4_in_ipv6_wrong_version"
:
0
,
"ipv6_in_ipv6_too_small"
:
0
,
"ipv6_in_ipv6_wrong_version"
:
0
},
"tcp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"invalid_optlen"
:
0
,
"opt_invalid_len"
:
0
,
"opt_duplicate"
:
0
},
"udp"
:{
"pkt_too_small"
:
0
,
"hlen_too_small"
:
0
,
"hlen_invalid"
:
0
},
"sll"
:{
"pkt_too_small"
:
0
},
"ethernet"
:{
"pkt_too_small"
:
0
},
"ppp"
:{
"pkt_too_small"
:
0
,
"vju_pkt_too_small"
:
0
,
"ip4_pkt_too_small"
:
0
,
"ip6_pkt_too_small"
:
0
,
"wrong_type"
:
0
,
"unsup_proto"
:
0
},
"pppoe"
:{
"pkt_too_small"
:
0
,
"wrong_code"
:
0
,
"malformed_tags"
:
0
},
"gre"
:{
"pkt_too_small"
:
0
,
"wrong_version"
:
0
,
"version0_recur"
:
0
,
"version0_flags"
:
0
,
"version0_hdr_too_big"
:
0
,
"version0_malformed_sre_hdr"
:
0
,
"version1_chksum"
:
0
,
"version1_route"
:
0
,
"version1_ssr"
:
0
,
"version1_recur"
:
0
,
"version1_flags"
:
0
,
"version1_no_key"
:
0
,
"version1_wrong_protocol"
:
0
,
"version1_malformed_sre_hdr"
:
0
,
"version1_hdr_too_big"
:
0
},
"vlan"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
,
"too_many_layers"
:
0
},
"ieee8021ah"
:{
"header_too_small"
:
0
},
"vntag"
:{
"header_too_small"
:
0
,
"unknown_type"
:
0
},
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"sctp"
:{
"pkt_too_small"
:
0
},
"esp"
:{
"pkt_too_small"
:
0
},
"mpls"
:{
"header_too_small"
:
0
,
"pkt_too_small"
:
0
,
"bad_label_router_alert"
:
0
,
"bad_label_implicit_null"
:
0
,
"bad_label_reserved"
:
0
,
"unknown_payload_type"
:
0
},
"vxlan"
:{
"unknown_payload_type"
:
0
},
"geneve"
:{
"unknown_payload_type"
:
0
},
"erspan"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"too_many_vlan_layers"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
},
"chdlc"
:{
"pkt_too_small"
:
0
},
"nsh"
:{
"header_too_small"
:
0
,
"unsupported_version"
:
0
,
"bad_header_length"
:
0
,
"reserved_type"
:
0
,
"unsupported_type"
:
0
,
"unknown_payload"
:
0
}},
"too_many_layers"
:
0
},
"flow"
:{
"memcap"
:
0
,
"total"
:
20
,
"active"
:
0
,
"tcp"
:
20
,
"udp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"tcp_reuse"
:
0
,
"get_used"
:
0
,
"get_used_eval"
:
0
,
"get_used_eval_reject"
:
0
,
"get_used_eval_busy"
:
0
,
"get_used_failed"
:
0
,
"wrk"
:{
"spare_sync_avg"
:
100
,
"spare_sync"
:
2
,
"spare_sync_incomplete"
:
0
,
"spare_sync_empty"
:
0
,
"flows_evicted_needs_work"
:
1
,
"flows_evicted_pkt_inject"
:
2
,
"flows_evicted"
:
0
,
"flows_injected"
:
1
},
"end"
:{
"state"
:{
"new"
:
18
,
"established"
:
1
,
"closed"
:
1
,
"local_bypassed"
:
0
},
"tcp_state"
:{
"none"
:
0
,
"syn_sent"
:
0
,
"syn_recv"
:
0
,
"established"
:
1
,
"fin_wait1"
:
0
,
"fin_wait2"
:
0
,
"time_wait"
:
0
,
"last_ack"
:
0
,
"close_wait"
:
0
,
"closing"
:
0
,
"closed"
:
1
},
"tcp_liberal"
:
0
},
"mgr"
:{
"full_hash_pass"
:
0
,
"rows_per_sec"
:
287
,
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"rows_maxlen"
:
0
,
"flows_checked"
:
0
,
"flows_notimeout"
:
0
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_evicted"
:
0
,
"flows_evicted_needs_work"
:
0
},
"spare"
:
9900
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"recycler"
:{
"recycled"
:
19
,
"queue_avg"
:
0
,
"queue_max"
:
19
},
"memuse"
:
7394304
},
"tcp"
:{
"active_sessions"
:
0
,
"sessions"
:
2
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
0
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
343
,
"no_flow"
:
0
,
"syn"
:
2
,
"synack"
:
11
,
"rst"
:
5
,
"midstream_pickups"
:
0
,
"pkt_on_wrong_thread"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"overlap"
:
0
,
"overlap_diff_data"
:
0
,
"insert_data_normal_fail"
:
0
,
"insert_data_overlap_fail"
:
0
,
"memuse"
:
1212416
,
"reassembly_memuse"
:
229376
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"flow_bypassed"
:{
"local_pkts"
:
0
,
"local_bytes"
:
0
,
"local_capture_pkts"
:
0
,
"local_capture_bytes"
:
0
,
"closed"
:
0
,
"pkts"
:
0
,
"bytes"
:
0
},
"app_layer"
:{
"flow"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
2
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
0
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"nfs_tcp"
:
0
,
"ntp"
:
0
,
"ftp-data"
:
0
,
"tftp"
:
0
,
"ike"
:
0
,
"krb5_tcp"
:
0
,
"quic"
:
0
,
"dhcp"
:
0
,
"snmp"
:
0
,
"sip"
:
0
,
"rfb"
:
0
,
"mqtt"
:
0
,
"telnet"
:
0
,
"rdp"
:
0
,
"http2"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"nfs_udp"
:
0
,
"krb5_udp"
:
0
},
"error"
:{
"http"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smtp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tls"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ssh"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"imap"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"smb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dcerpc_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ntp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ftp-data"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"tftp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"ike"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_tcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"quic"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dhcp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"snmp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"sip"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rfb"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"mqtt"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"telnet"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"rdp"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"http2"
:{
"gap"
:
0
,
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"failed_tcp"
:{
"gap"
:
0
},
"dcerpc_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"dns_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"nfs_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
},
"krb5_udp"
:{
"alloc"
:
0
,
"parser"
:
0
,
"internal"
:
0
}},
"expectations"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"ftp"
:{
"memuse"
:
0
,
"memcap"
:
0
},
"file_store"
:{
"open_files"
:
0
}}}