{"timestamp":"2023-07-22T08:47:49.072487+0800","flow_id":1437230609302833,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50795,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":16362,"rrname":"incoming.telemetry.mozilla.org","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.072487+0800","flow_id":1437229237458199,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":48663,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":51832,"rrname":"incoming.telemetry.mozilla.org","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.113940+0800","flow_id":1615271214653814,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":1678,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":3604,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.114225+0800","flow_id":1616494520404630,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":4432,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":37990,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115458+0800","flow_id":1621789433128196,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":18665,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":62787,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115495+0800","flow_id":1621950060726653,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":31755,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":56945,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115458+0800","flow_id":1621791398848559,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":58815,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":27715,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115458+0800","flow_id":1621788962380293,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":42183,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":13433,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115458+0800","flow_id":1621790325885758,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":30598,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":46426,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.115495+0800","flow_id":1621951139439934,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.10","src_port":19396,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":38239,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.129102+0800","flow_id":1680389657624221,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":52774,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":24927,"rrname":"prod.ingestion-edge.prod.dataops.mozgcp.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.163331+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:49.403076+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:49.440257+0800","flow_id":1609414782634291,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":27956,"rrname":"youtube.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:49.470678+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:49.708401+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:50.193049+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:50.304196+0800","flow_id":1869463548728544,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":18916,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":56733,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:50.433073+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:50.801811+0800","flow_id":1754903601389484,"in_iface":"eth2","event_type":"drop","src_ip":"91.108.56.117","src_port":443,"dest_ip":"192.168.0.120","dest_port":42544,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":54,"ipid":37682,"tcpseq":2121250457,"tcpack":1618710170,"tcpwin":2082,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:51.301486+0800","flow_id":2139300655270650,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":39259,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":65285,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.301896+0800","flow_id":2141060310573350,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":64920,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":60786,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303529+0800","flow_id":2148073596874628,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":63404,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":60683,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303529+0800","flow_id":2148075363797259,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":40462,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":26754,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303530+0800","flow_id":2148080268646635,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":9044,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":15237,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303529+0800","flow_id":2148072531801518,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":23222,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":24222,"rrname":"epdg.epc.mnc012.mcc454.pub.3gppnetwork.org","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303530+0800","flow_id":2148078465770631,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":18475,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":27112,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:51.303529+0800","flow_id":2148073426635180,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.11","src_port":41254,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":26677,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:52.010463+0800","flow_id":44941669567619,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":55058,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":45805,"rrname":"n-deventry-gw.tplinkcloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:52.192290+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:52.447913+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:54.231851+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:54.508321+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:55.182645+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6857,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:55.414370+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6858,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:55.526685+0800","flow_id":854721593625867,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50674,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1692,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:55.646948+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6859,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:55.718458+0800","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":94,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":17702,"poll_signal":0,"poll_timeout":758,"poll_data":16944,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":98,"bytes":12366,"invalid":0,"ipv4":60,"ipv6":8,"ethernet":98,"arp":20,"unknown_ethertype":10,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":15,"udp":45,"sctp":0,"esp":0,"icmpv4":0,"icmpv6":8,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":126,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":2,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":6,"synack":8,"rst":0,"active_sessions":2,"sessions":2,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":2,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9699456,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":57,"active":57,"tcp":5,"udp":45,"icmpv4":0,"icmpv6":7,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":0,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":0,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":30,"flows_notimeout":30,"flows_timeout":0,"flows_evicted":0,"flows_evicted_needs_work":0},"spare":9800,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":0,"queue_avg":0,"queue_max":0},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:47:47.188074+0800","rules_loaded":0,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":0,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":0,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":22,"nfs_udp":0,"krb5_udp":0,"failed_udp":23},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":0,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":0,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":22,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:47:55.750950+0800","flow_id":1000268432075148,"in_iface":"eth2","event_type":"dhcp","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.100","dest_port":68,"proto":"UDP","pkt_src":"wire/pcap","dhcp":{"type":"reply","id":1459862868,"client_mac":"1c:3b:f3:65:a3:dc","assigned_ip":"192.168.0.100","dhcp_type":"ack","renewal_time":43200,"hostname":"deco-X20"}}
{"timestamp":"2023-07-22T08:47:55.879604+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6860,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.110229+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6861,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.342352+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6862,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.415179+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.574360+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6863,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.677707+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:56.806964+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6864,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:57.039567+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6865,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:57.502503+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6866,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:57.573206+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:58.430808+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6867,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:58.622237+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:47:58.887008+0800","flow_id":1839347602945510,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.200","src_port":36812,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":19661,"rrname":"geoip.ubuntu.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:47:58.887009+0800","flow_id":1839347602945510,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.200","src_port":36812,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":57561,"rrname":"geoip.ubuntu.com","rrtype":"AAAA","tx_id":1,"opcode":0}}
{"timestamp":"2023-07-22T08:47:58.955821+0800","flow_id":1609414782634291,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":51248,"rrname":"reddit.com","rrtype":"A","tx_id":1,"opcode":0}}
{"timestamp":"2023-07-22T08:47:59.126242+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:47:59.173402+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:00.132594+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:00.144424+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:00.290283+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6868,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:00.437784+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:00.717472+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.183347+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.273770+0800","flow_id":542594982411517,"in_iface":"eth2","event_type":"dhcp","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.120","dest_port":68,"proto":"UDP","pkt_src":"wire/pcap","dhcp":{"type":"reply","id":979221239,"client_mac":"72:ab:4d:fb:27:ea","assigned_ip":"192.168.0.120","dhcp_type":"ack","renewal_time":43200}}
{"timestamp":"2023-07-22T08:48:01.423515+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:01.451654+0800","flow_id":461112420785101,"in_iface":"eth2","event_type":"dhcp","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.122","dest_port":68,"proto":"UDP","pkt_src":"wire/pcap","dhcp":{"type":"reply","id":1609946020,"client_mac":"22:20:60:f8:6f:e6","assigned_ip":"192.168.0.122","dhcp_type":"ack","renewal_time":43200}}
{"timestamp":"2023-07-22T08:48:01.464035+0800","flow_id":304166368404840,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":16481,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":4098,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:01.478887+0800","flow_id":367958240623539,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":22470,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":49838,"rrname":"epdg.epc.mnc012.mcc454.pub.3gppnetwork.org","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:01.570108+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:01.575792+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:01.596318+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:01.643125+0800","flow_id":510404030867992,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.122","src_port":46830,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":4206,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:01.743802+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:01.754519+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:01.778327+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.783198+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.950544+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.963195+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.985786+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:01.988421+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.097710+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:02.149422+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.160988+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.168683+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.191662+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.196175+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.217651+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.366328+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.377936+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.442700+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:02.580351+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.592544+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.610920+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:02.748333+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:02.760504+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:03.095087+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:03.178921+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:03.722564+0800","event_type":"stats","stats":{"uptime":16,"capture":{"kernel_packets":250,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":46972,"poll_signal":0,"poll_timeout":2107,"poll_data":44865,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":283,"bytes":33167,"invalid":0,"ipv4":166,"ipv6":21,"ethernet":283,"arp":65,"unknown_ethertype":31,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":88,"udp":74,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":21,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":117,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":8,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":27,"synack":44,"rst":4,"active_sessions":11,"sessions":11,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":11,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9699840,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":100,"active":100,"tcp":24,"udp":62,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":0,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":2,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":69,"flows_notimeout":69,"flows_timeout":0,"flows_evicted":0,"flows_evicted_needs_work":0},"spare":9800,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":0,"queue_avg":0,"queue_max":0},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:47:47.188074+0800","rules_loaded":0,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":2,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":27,"nfs_udp":0,"krb5_udp":0,"failed_udp":29},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":1,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":29,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:04.009547+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6869,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:04.103012+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:04.467272+0800","flow_id":1162496845655096,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":13711,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":56549,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:04.467918+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:04.544476+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:04.551038+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:04.595442+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:04.595622+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:04.610848+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1116906190,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:04.867241+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4045186377,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.068869+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:05.088136+0800","flow_id":1504442955769084,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.122","src_port":32900,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":7077,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:05.093132+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.140573+0800","flow_id":1754903601389484,"in_iface":"eth2","event_type":"drop","src_ip":"91.108.56.117","src_port":443,"dest_ip":"192.168.0.120","dest_port":42544,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":54,"ipid":37684,"tcpseq":2121250457,"tcpack":1618710170,"tcpwin":2082,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.156153+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:05.156569+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:05.183756+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.203033+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.214174+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.563614+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.567777+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:05.568056+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.185885+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.186213+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.274713+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:06.468777+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3034198435,"tcpack":2647193204,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.482080+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:06.610754+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.610618+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:06.623080+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.100763+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:07.109588+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.182231+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.221165+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.231808+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.294624+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.345809+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.535871+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.585549+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:07.589525+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:08.047604+0800","flow_id":204460173116604,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":47725,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":13695,"rrname":"n-devs-gw.tplinkcloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:08.131374+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:08.187918+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:08.188289+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:08.321707+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.130711+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.221910+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.464649+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.594547+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.599194+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:09.606166+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:10.131036+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:10.303813+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:10.303813+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:10.644410+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:10.735541+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":584949462,"tcpack":783253451,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:10.735921+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1279721089,"tcpack":2721257159,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.128612+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.227986+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:11.229568+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.270022+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"drop","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":240,"ipid":0,"tcpseq":1126242493,"tcpack":389311454,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.293446+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3596437509,"tcpack":975943845,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.304778+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":1207434421,"tcpack":539976092,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.459249+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6870,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.494938+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.540320+0800","flow_id":913282632992596,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50675,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1693,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:11.623044+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:11.726319+0800","event_type":"stats","stats":{"uptime":24,"capture":{"kernel_packets":388,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":63138,"poll_signal":0,"poll_timeout":3060,"poll_data":60078,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":401,"bytes":42176,"invalid":0,"ipv4":257,"ipv6":28,"ethernet":401,"arp":73,"unknown_ethertype":43,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":171,"udp":82,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":28,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":105,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":62,"synack":86,"rst":8,"active_sessions":17,"sessions":17,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":17,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701024,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":124,"active":124,"tcp":36,"udp":74,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":0,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":2,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":108,"flows_notimeout":108,"flows_timeout":0,"flows_evicted":0,"flows_evicted_needs_work":0},"spare":9800,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":0,"queue_avg":0,"queue_max":0},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:47:47.188074+0800","rules_loaded":0,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":6,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":31,"nfs_udp":0,"krb5_udp":0,"failed_udp":33},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":3,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":33,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:12.345991+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:12.535189+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:13.139015+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:13.628047+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:13.761481+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3352528712,"tcpack":2638389904,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:13.772622+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:14.365480+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:14.365902+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:14.526601+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:14.595113+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:15.263493+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2494681712,"tcpack":654247206,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.526208+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.554990+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.618698+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2280873049,"tcpack":3479662160,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.648758+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.753470+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:15.767259+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:15.963123+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:15.970140+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.169423+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.181252+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.195369+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.377946+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.383972+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.440270+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:16.446313+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:16.599239+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.612117+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.648349+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.648350+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.857001+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:16.857001+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.064730+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.068308+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.213747+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.218931+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.395345+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"drop","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":564509967,"tcpack":848487068,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.574636+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:17.578526+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.025231+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":3008205472,"tcpack":159219683,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.195591+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.536726+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":164729194,"tcpack":3386918206,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.548023+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:18.547943+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:18.609414+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.620395+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:18.837326+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:18.946324+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":780917166,"tcpack":571048034,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:19.550519+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:19.567957+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:19.567956+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:19.729461+0800","event_type":"stats","stats":{"uptime":32,"capture":{"kernel_packets":514,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":73243,"poll_signal":0,"poll_timeout":4384,"poll_data":68859,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":526,"bytes":52500,"invalid":0,"ipv4":350,"ipv6":33,"ethernet":526,"arp":83,"unknown_ethertype":60,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":257,"udp":89,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":33,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":99,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":92,"synack":139,"rst":10,"active_sessions":23,"sessions":23,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":23,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701536,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":139,"active":139,"tcp":48,"udp":77,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":0,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":4,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":127,"flows_notimeout":127,"flows_timeout":0,"flows_evicted":0,"flows_evicted_needs_work":0},"spare":9800,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":0,"queue_avg":0,"queue_max":0},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":8,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":31,"nfs_udp":0,"krb5_udp":0,"failed_udp":34},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":4,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":33,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:20.215919+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:20.619627+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:20.710256+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:20.721279+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:20.739879+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3472787226,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:20.832540+0800","flow_id":1443977121276446,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":31755,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139594+0800","end":"2023-07-22T08:47:49.139594+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:20.832829+0800","flow_id":1443381281924249,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":18665,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139455+0800","end":"2023-07-22T08:47:49.139455+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:20.994320+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1435350753,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.040272+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3472787226,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.246130+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:21.252237+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:21.299693+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1435350753,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.305061+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.310792+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.499020+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:21.573175+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.572911+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.630018+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:21.831038+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4214131078,"tcpack":635969375,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:21.833177+0800","flow_id":1688456840264659,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":52774,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":103,"bytes_toclient":0,"start":"2023-07-22T08:47:49.130980+0800","end":"2023-07-22T08:47:49.130980+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.833355+0800","flow_id":1446264595791545,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":19396,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.140126+0800","end":"2023-07-22T08:47:49.140126+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.858474+0800","flow_id":1445677009193371,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":30598,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139989+0800","end":"2023-07-22T08:47:49.139989+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.859067+0800","flow_id":1628789476412946,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":1678,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":144,"bytes_toclient":0,"start":"2023-07-22T08:47:49.117088+0800","end":"2023-07-22T08:47:49.117088+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.859523+0800","flow_id":1437229237458199,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48663,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:47:49.072487+0800","end":"2023-07-22T08:47:49.072487+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.859904+0800","flow_id":1527532243507329,"in_iface":"eth2","event_type":"flow","src_ip":"fe80:0000:0000:0000:68ba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0016","proto":"IPv6-ICMP","icmp_type":143,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:47:49.552264+0800","end":"2023-07-22T08:47:49.552264+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.860274+0800","flow_id":1621788962380293,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":42183,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115458+0800","end":"2023-07-22T08:47:49.115458+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.860614+0800","flow_id":1612445939260130,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":48663,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:47:49.113282+0800","end":"2023-07-22T08:47:49.113282+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.861040+0800","flow_id":1671384424768114,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50795,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":296,"bytes_toclient":0,"start":"2023-07-22T08:47:49.127005+0800","end":"2023-07-22T08:47:49.127005+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:21.861493+0800","flow_id":1621789433128196,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":18665,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115458+0800","end":"2023-07-22T08:47:49.115458+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:22.201801+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:22.260496+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:22.260913+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:22.635136+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:22.646189+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:22.886372+0800","flow_id":2173594394355928,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":40462,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.309471+0800","end":"2023-07-22T08:47:51.309471+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:22.886760+0800","flow_id":1444289410367553,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":58815,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139666+0800","end":"2023-07-22T08:47:49.139666+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:23.080458+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3472787226,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.269667+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.289938+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.331231+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1435350753,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.336844+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3649232676,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.336844+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":4069518769,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.582324+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.592828+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.593268+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:23.912364+0800","flow_id":2139300655270650,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":39259,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.301486+0800","end":"2023-07-22T08:47:51.301486+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:23.912774+0800","flow_id":44941669567619,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":55058,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":89,"bytes_toclient":0,"start":"2023-07-22T08:47:52.010463+0800","end":"2023-07-22T08:47:52.010463+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.217358+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.268335+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.278856+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.595885+0800","flow_id":1754903601389484,"in_iface":"eth2","event_type":"drop","src_ip":"91.108.56.117","src_port":443,"dest_ip":"192.168.0.120","dest_port":42544,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":54,"ipid":37685,"tcpseq":2121250457,"tcpack":1618710170,"tcpwin":2082,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.650669+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.800319+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":127806868,"tcpack":155869530,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.811050+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":41484926,"tcpack":3936106002,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.829070+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:24.913414+0800","flow_id":1869463548728544,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":18916,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":96,"bytes_toclient":0,"start":"2023-07-22T08:47:50.304196+0800","end":"2023-07-22T08:47:50.304196+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.913715+0800","flow_id":2141060310573350,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":64920,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.301896+0800","end":"2023-07-22T08:47:51.301896+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.913891+0800","flow_id":1615271214653814,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":1678,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":96,"bytes_toclient":0,"start":"2023-07-22T08:47:49.113940+0800","end":"2023-07-22T08:47:49.113940+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.914072+0800","flow_id":2163083368015433,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":64920,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.307024+0800","end":"2023-07-22T08:47:51.307024+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.937439+0800","flow_id":2196388631490797,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":41254,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.314778+0800","end":"2023-07-22T08:47:51.314778+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.937652+0800","flow_id":2159455180436430,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":39259,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.306179+0800","end":"2023-07-22T08:47:51.306179+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:24.937816+0800","flow_id":2171576898762000,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":63404,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.309001+0800","end":"2023-07-22T08:47:51.309001+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:25.614081+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:25.938422+0800","flow_id":1621790325885758,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":30598,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115458+0800","end":"2023-07-22T08:47:49.115458+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:25.962768+0800","flow_id":2179892518802265,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":18475,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.310937+0800","end":"2023-07-22T08:47:51.310937+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:25.963092+0800","flow_id":1621951139439934,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":19396,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115495+0800","end":"2023-07-22T08:47:49.115495+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:25.963320+0800","flow_id":1621791398848559,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":58815,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115458+0800","end":"2023-07-22T08:47:49.115458+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.206794+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:26.276868+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:26.298579+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:26.341873+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6871,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:26.963791+0800","flow_id":1883107377770020,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":18916,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":144,"bytes_toclient":0,"start":"2023-07-22T08:47:50.307373+0800","end":"2023-07-22T08:47:50.307373+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.964224+0800","flow_id":1985013284433686,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":23222,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":134,"bytes_toclient":0,"start":"2023-07-22T08:47:51.331099+0800","end":"2023-07-22T08:47:51.331099+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.964404+0800","flow_id":2148073596874628,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":63404,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303529+0800","end":"2023-07-22T08:47:51.303529+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.987559+0800","flow_id":1680389657624221,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":52774,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":103,"bytes_toclient":0,"start":"2023-07-22T08:47:49.129102+0800","end":"2023-07-22T08:47:49.129102+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.987907+0800","flow_id":1437230609302833,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50795,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:47:49.072487+0800","end":"2023-07-22T08:47:49.072487+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.988211+0800","flow_id":2148075363797259,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":40462,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303529+0800","end":"2023-07-22T08:47:51.303529+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.988413+0800","flow_id":1621950060726653,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":31755,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.115495+0800","end":"2023-07-22T08:47:49.115495+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.988621+0800","flow_id":1444941188073862,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":42183,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139818+0800","end":"2023-07-22T08:47:49.139818+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.988974+0800","flow_id":1616494520404630,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.10","src_port":4432,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:49.114225+0800","end":"2023-07-22T08:47:49.114225+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:26.989546+0800","flow_id":1436776795180955,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:7c0d:b9ff:fe07:7405","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0016","proto":"IPv6-ICMP","icmp_type":143,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:47:49.072381+0800","end":"2023-07-22T08:47:49.072381+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:27.113574+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3472787226,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:27.363791+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1435350753,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:27.615417+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:27.734053+0800","event_type":"stats","stats":{"uptime":40,"capture":{"kernel_packets":636,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":90634,"poll_signal":0,"poll_timeout":5765,"poll_data":84869,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":646,"bytes":61468,"invalid":0,"ipv4":444,"ipv6":34,"ethernet":646,"arp":89,"unknown_ethertype":79,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":349,"udp":91,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":34,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":95,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":128,"synack":191,"rst":12,"active_sessions":28,"sessions":28,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":28,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702208,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":151,"active":124,"tcp":58,"udp":79,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":27,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":5,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":191,"flows_notimeout":161,"flows_timeout":30,"flows_evicted":30,"flows_evicted_needs_work":0},"spare":9825,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":27,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":10,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":31,"nfs_udp":0,"krb5_udp":0,"failed_udp":34},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":5,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":33,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:27.990109+0800","flow_id":2148080268646635,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":9044,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303530+0800","end":"2023-07-22T08:47:51.303530+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:27.990363+0800","flow_id":1442553598941539,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.10","dest_port":4432,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:47:49.139262+0800","end":"2023-07-22T08:47:49.139262+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:28.014557+0800","flow_id":2178131299969983,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":37498,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:47:51.572671+0800","end":"2023-07-22T08:47:51.572671+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:28.014804+0800","flow_id":137201388858324,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":55058,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":151,"bytes_toclient":0,"start":"2023-07-22T08:47:52.031944+0800","end":"2023-07-22T08:47:52.031944+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:28.017265+0800","flow_id":2148072531801518,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":23222,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303529+0800","end":"2023-07-22T08:47:51.303529+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:28.258641+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:28.558173+0800","flow_id":1271435652120521,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50676,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1694,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:28.594324+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:28.594660+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:28.941236+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3241782350,"tcpack":969057383,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:29.044776+0800","flow_id":2148073426635180,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":41254,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303529+0800","end":"2023-07-22T08:47:51.303529+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:29.045345+0800","flow_id":2174803641355757,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.11","dest_port":9044,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:47:51.309752+0800","end":"2023-07-22T08:47:51.309752+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:29.045866+0800","flow_id":1947955943429609,"in_iface":"eth2","event_type":"flow","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.200","dest_port":36812,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":267,"bytes_toclient":0,"start":"2023-07-22T08:47:58.912295+0800","end":"2023-07-22T08:47:58.912295+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:29.046354+0800","flow_id":1875341631545107,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":48044,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:47:58.043420+0800","end":"2023-07-22T08:47:58.043420+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:29.646417+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:29.783965+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:29.789504+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:29.987079+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:29.991638+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.071463+0800","flow_id":2148078465770631,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.11","src_port":18475,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:51.303530+0800","end":"2023-07-22T08:47:51.303530+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:30.071948+0800","flow_id":1000268432075148,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.100","dest_port":68,"proto":"UDP","app_proto":"dhcp","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":686,"bytes_toclient":0,"start":"2023-07-22T08:47:55.691645+0800","end":"2023-07-22T08:47:55.750950+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:30.072650+0800","flow_id":1839347602945510,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":36812,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":174,"bytes_toclient":0,"start":"2023-07-22T08:47:58.887008+0800","end":"2023-07-22T08:47:58.887009+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:30.192949+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.205355+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.234855+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":432656495,"tcpack":3907211062,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.234856+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2054334094,"tcpack":1110836390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.401701+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.414559+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.810535+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.822497+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:30.883950+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:31.106513+0800","flow_id":1414493733397057,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","dest_ip":"192.168.0.100","proto":"ICMP","icmp_type":0,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:57.722553+0800","end":"2023-07-22T08:47:57.722553+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:31.608563+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:31.632371+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2796148891,"tcpack":499701216,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:31.644340+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":986033704,"tcpack":3894394336,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:31.892990+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:32.133198+0800","flow_id":1609414782634291,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":141,"bytes_toclient":0,"start":"2023-07-22T08:47:49.440257+0800","end":"2023-07-22T08:47:58.955821+0800","age":9,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:32.133691+0800","flow_id":1682567628344296,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","dest_ip":"192.168.0.1","proto":"ICMP","icmp_type":8,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:47:57.719433+0800","end":"2023-07-22T08:47:57.719433+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:32.291830+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3183781056,"tcpack":655056366,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:32.614613+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:32.634707+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:32.639826+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:32.896731+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:33.160966+0800","flow_id":854721593625867,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50674,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:47:55.526685+0800","end":"2023-07-22T08:47:55.526685+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.161842+0800","flow_id":916801013899662,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50674,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:47:55.541139+0800","end":"2023-07-22T08:47:55.541139+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.162289+0800","flow_id":304166368404840,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":16481,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:48:01.464035+0800","end":"2023-07-22T08:48:01.464035+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.162700+0800","flow_id":986665145362587,"in_iface":"eth1","event_type":"flow","src_ip":"0.0.0.0","src_port":68,"dest_ip":"255.255.255.255","dest_port":67,"proto":"UDP","app_proto":"dhcp","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":2154,"bytes_toclient":0,"start":"2023-07-22T08:47:55.688477+0800","end":"2023-07-22T08:48:01.448680+0800","age":6,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.163080+0800","flow_id":443824207718657,"in_iface":"eth1","event_type":"flow","src_ip":"0000:0000:0000:0000:0000:0000:0000:0000","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0016","proto":"IPv6-ICMP","icmp_type":143,"icmp_code":0,"flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":360,"bytes_toclient":0,"start":"2023-07-22T08:48:01.234407+0800","end":"2023-07-22T08:48:02.168175+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.163433+0800","flow_id":760035086854671,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:374b:175a:2f40:bba1","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0016","proto":"IPv6-ICMP","icmp_type":143,"icmp_code":0,"flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":180,"bytes_toclient":0,"start":"2023-07-22T08:48:02.242495+0800","end":"2023-07-22T08:48:02.768872+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:33.229410+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:34.003226+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:34.188273+0800","flow_id":1632466434947493,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":52905,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":221,"bytes_toclient":0,"start":"2023-07-22T08:47:49.445624+0800","end":"2023-07-22T08:47:58.972953+0800","age":9,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:34.188887+0800","flow_id":367958240623539,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":22470,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:48:01.478887+0800","end":"2023-07-22T08:48:01.478887+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:35.220884+0800","flow_id":744740488652735,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.83","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:02.173398+0800","end":"2023-07-22T08:48:02.173398+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:35.221431+0800","flow_id":510404030867992,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":46830,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:48:01.643125+0800","end":"2023-07-22T08:48:01.643125+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:35.221843+0800","flow_id":1162496845655096,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":13711,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":96,"bytes_toclient":0,"start":"2023-07-22T08:48:04.467272+0800","end":"2023-07-22T08:48:04.467272+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:35.233511+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.471947+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:35.476641+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:35.629070+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3513889186,"tcpack":1987373722,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.640324+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1182537164,"tcpack":280982850,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.677252+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.682116+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.741411+0800","event_type":"stats","stats":{"uptime":48,"capture":{"kernel_packets":708,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":111732,"poll_signal":0,"poll_timeout":6720,"poll_data":105012,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":714,"bytes":67429,"invalid":0,"ipv4":486,"ipv6":37,"ethernet":714,"arp":99,"unknown_ethertype":92,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":388,"udp":94,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":37,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":94,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":137,"synack":221,"rst":12,"active_sessions":32,"sessions":32,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":32,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702560,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":162,"active":110,"tcp":66,"udp":82,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":52,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":6,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":227,"flows_notimeout":175,"flows_timeout":52,"flows_evicted":52,"flows_evicted_needs_work":0},"spare":9852,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":52,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":10,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":32,"nfs_udp":0,"krb5_udp":0,"failed_udp":36},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":5,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":34,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:35.883865+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:35.890204+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.033839+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.094411+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.094410+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.251387+0800","flow_id":315158895249249,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.120","dest_port":16481,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:48:01.466594+0800","end":"2023-07-22T08:48:01.466594+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:36.251922+0800","flow_id":525536896144351,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.122","dest_port":46830,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":307,"bytes_toclient":0,"start":"2023-07-22T08:48:01.646649+0800","end":"2023-07-22T08:48:01.646649+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:36.252375+0800","flow_id":571686305848214,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.83","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:02.198642+0800","end":"2023-07-22T08:48:02.198642+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:36.252531+0800","flow_id":461112420785101,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.122","dest_port":68,"proto":"UDP","app_proto":"dhcp","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":684,"bytes_toclient":0,"start":"2023-07-22T08:48:01.435041+0800","end":"2023-07-22T08:48:01.451654+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:36.500877+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.514876+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3191024263,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.501105+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:36.519705+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":3325340584,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:37.234355+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:37.276901+0800","flow_id":347669759520165,"in_iface":"eth1","event_type":"flow","src_ip":"0000:0000:0000:0000:0000:0000:0000:0000","dest_ip":"ff02:0000:0000:0000:0000:0001:ff88:c411","proto":"IPv6-ICMP","icmp_type":135,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:01.408628+0800","end":"2023-07-22T08:48:01.408628+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:37.279146+0800","flow_id":418797812969532,"in_iface":"eth1","event_type":"flow","src_ip":"0000:0000:0000:0000:0000:0000:0000:0000","dest_ip":"ff02:0000:0000:0000:0000:0001:ff40:bba1","proto":"IPv6-ICMP","icmp_type":135,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:01.228580+0800","end":"2023-07-22T08:48:01.228580+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:37.279357+0800","flow_id":542594982411517,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":67,"dest_ip":"192.168.0.120","dest_port":68,"proto":"UDP","app_proto":"dhcp","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":684,"bytes_toclient":0,"start":"2023-07-22T08:48:01.257404+0800","end":"2023-07-22T08:48:01.273770+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:38.057636+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:38.303056+0800","flow_id":1025799989761579,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.3","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:03.173301+0800","end":"2023-07-22T08:48:03.173301+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:38.303627+0800","flow_id":383775697738591,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.120","dest_port":22470,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":134,"bytes_toclient":0,"start":"2023-07-22T08:48:01.482570+0800","end":"2023-07-22T08:48:01.482570+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:39.081772+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:39.214985+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:39.332518+0800","flow_id":659375900601792,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:9a93:2853:5788:c411","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0016","proto":"IPv6-ICMP","icmp_type":143,"icmp_code":0,"flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":180,"bytes_toclient":0,"start":"2023-07-22T08:48:02.415666+0800","end":"2023-07-22T08:48:03.248114+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:39.451845+0800","flow_id":2222134817081651,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":34308,"rrname":"netflix.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:40.102492+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:40.258512+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2748966415,"tcpack":3857078545,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:40.332994+0800","flow_id":204460173116604,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":47725,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":85,"bytes_toclient":0,"start":"2023-07-22T08:48:08.047604+0800","end":"2023-07-22T08:48:08.047604+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:40.357804+0800","flow_id":1105456410219053,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.3","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:03.191848+0800","end":"2023-07-22T08:48:03.191848+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:41.233413+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:41.252869+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:41.382121+0800","flow_id":1202905516633347,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.120","dest_port":13711,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":144,"bytes_toclient":0,"start":"2023-07-22T08:48:04.476681+0800","end":"2023-07-22T08:48:04.476681+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:42.408622+0800","flow_id":925454575178273,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50675,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:48:11.543154+0800","end":"2023-07-22T08:48:11.543154+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:43.219708+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:43.275266+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:43.409187+0800","flow_id":1520043331134102,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.122","dest_port":32900,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":144,"bytes_toclient":0,"start":"2023-07-22T08:48:05.091768+0800","end":"2023-07-22T08:48:05.091768+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:43.409401+0800","flow_id":1504442955769084,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":32900,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":96,"bytes_toclient":0,"start":"2023-07-22T08:48:05.088136+0800","end":"2023-07-22T08:48:05.088136+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:43.434395+0800","flow_id":462954531313086,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.2","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:09.173326+0800","end":"2023-07-22T08:48:09.173326+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:43.748253+0800","event_type":"stats","stats":{"uptime":56,"capture":{"kernel_packets":772,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":137053,"poll_signal":0,"poll_timeout":8091,"poll_data":128962,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":775,"bytes":71991,"invalid":0,"ipv4":529,"ipv6":37,"ethernet":775,"arp":100,"unknown_ethertype":109,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":429,"udp":96,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":37,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":92,"max_pkt_size":1021,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":152,"synack":247,"rst":12,"active_sessions":33,"sessions":33,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":33,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702688,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":166,"active":90,"tcp":68,"udp":84,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":76,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":7,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":263,"flows_notimeout":187,"flows_timeout":76,"flows_evicted":76,"flows_evicted_needs_work":0},"spare":9876,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":76,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":10,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":33,"nfs_udp":0,"krb5_udp":0,"failed_udp":37},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":5,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":0,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":35,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:44.459580+0800","flow_id":22570636597557,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":47725,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":242,"bytes_toclient":0,"start":"2023-07-22T08:48:08.070791+0800","end":"2023-07-22T08:48:08.070791+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:44.459798+0800","flow_id":1654296239660570,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":54497,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:48:13.385170+0800","end":"2023-07-22T08:48:13.385170+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:45.242566+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:45.574442+0800","flow_id":1622787124304606,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50677,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1695,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:46.511812+0800","flow_id":561098659144450,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.2","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:09.196176+0800","end":"2023-07-22T08:48:09.196176+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:47.369838+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3019177836,"tcpack":3857813208,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:47.537160+0800","flow_id":913282632992596,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50675,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:11.540320+0800","end":"2023-07-22T08:48:11.540320+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:48.323100+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:48.637377+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:48.897093+0800","flow_id":193814073560069,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":42596,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":16816,"rrname":"www.youtube.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:48.897094+0800","flow_id":193815144220971,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":44558,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":374,"rrname":"www.youtube.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:48.946636+0800","flow_id":125124625704478,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":38970,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"www.youtube.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["www.youtube.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:49.264493+0800","flow_id":291566759561244,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":43777,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":49523,"rrname":"i.ytimg.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:49.264493+0800","flow_id":291564120207786,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":59391,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":44174,"rrname":"i.ytimg.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:49.283381+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1482080531,"tcpack":655865594,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:49.314712+0800","flow_id":507254080323004,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":58363,"dest_ip":"142.251.220.86","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"i.ytimg.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["i.ytimg.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:49.338474+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:49.399526+0800","flow_id":308577857231224,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":38455,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":39740,"rrname":"urlite-prod-gcp.ff.avast.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:49.425086+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:49.600390+0800","flow_id":326855786098781,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50450,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":20293,"rrname":"accounts.google.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:49.600390+0800","flow_id":326857031619485,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53680,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":10534,"rrname":"accounts.google.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:49.639686+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:49.642685+0800","flow_id":508515040299386,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":34069,"dest_ip":"142.251.220.13","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"accounts.google.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["accounts.google.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:49.678324+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:49.732595+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:49.983018+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:50.199022+0800","flow_id":573320533064291,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50325,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":40745,"rrname":"www.google.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:50.198986+0800","flow_id":573164581347613,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":35565,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":3322,"rrname":"www.google.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:50.225461+0800","flow_id":686873766225219,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":48253,"dest_ip":"142.250.207.68","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"www.google.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["www.google.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:50.233503+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:50.346043+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:50.442228+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:50.614451+0800","flow_id":534730598566056,"in_iface":"eth2","event_type":"flow","src_ip":"45.11.104.223","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:17.190037+0800","end":"2023-07-22T08:48:17.190037+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:50.614692+0800","flow_id":41479649217225,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:9a93:2853:5788:c411","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":280,"bytes_toclient":0,"start":"2023-07-22T08:47:52.337337+0800","end":"2023-07-22T08:48:14.550193+0800","age":22,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:50.692012+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:50.850284+0800","flow_id":837195670251547,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":33329,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":54094,"rrname":"youtube.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:50.850311+0800","flow_id":837309362953330,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":40143,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":43521,"rrname":"youtube.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:50.875184+0800","flow_id":662663794318082,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":41524,"dest_ip":"142.250.199.78","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"youtube.com","ja3":{"hash":"b719940c5ab9a3373cb4475d8143ff88","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-43-13-45-28-57-21,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["youtube.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"padding","type":21}]}}
{"timestamp":"2023-07-22T08:48:51.508824+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:51.528289+0800","flow_id":861611586918610,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50447,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":49533,"rrname":"yt3.googleusercontent.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.528531+0800","flow_id":862651392713250,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":40274,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":34489,"rrname":"yt3.googleusercontent.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.570028+0800","flow_id":1040877566031346,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":54796,"dest_ip":"172.217.31.1","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"yt3.googleusercontent.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["yt3.googleusercontent.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:51.744903+0800","flow_id":947536083215790,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":57115,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":59039,"rrname":"encrypted-tbn0.gstatic.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.744678+0800","flow_id":946571917290619,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":46750,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":42446,"rrname":"encrypted-tbn3.gstatic.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.744902+0800","flow_id":947530350020727,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53812,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":25425,"rrname":"encrypted-tbn3.gstatic.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.745117+0800","flow_id":948453930021370,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":35935,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":311,"rrname":"encrypted-tbn0.gstatic.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.745322+0800","flow_id":949337919020264,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":55604,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":28548,"rrname":"encrypted-tbn2.gstatic.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.745118+0800","flow_id":948459829629045,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50608,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":59143,"rrname":"encrypted-tbn2.gstatic.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:51.756450+0800","event_type":"stats","stats":{"uptime":64,"capture":{"kernel_packets":1005,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":179918,"poll_signal":0,"poll_timeout":9460,"poll_data":170458,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":1043,"bytes":227734,"invalid":0,"ipv4":776,"ipv6":37,"ethernet":1043,"arp":102,"unknown_ethertype":128,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":455,"udp":317,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":37,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":218,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":161,"synack":264,"rst":12,"active_sessions":37,"sessions":37,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":37,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702848,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":217,"active":131,"tcp":76,"udp":127,"icmpv4":2,"icmpv6":12,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":0,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":86,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":8,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":300,"flows_notimeout":214,"flows_timeout":86,"flows_evicted":86,"flows_evicted_needs_work":0},"spare":9884,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":86,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":24,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":4,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":43,"nfs_udp":0,"krb5_udp":0,"failed_udp":52},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":12,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":4,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":45,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:51.797327+0800","flow_id":891221010360036,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":37476,"dest_ip":"142.250.66.110","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"encrypted-tbn3.gstatic.com","ja3":{"hash":"b719940c5ab9a3373cb4475d8143ff88","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-43-13-45-28-57-21,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["encrypted-tbn3.gstatic.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"padding","type":21}]}}
{"timestamp":"2023-07-22T08:48:51.797971+0800","flow_id":893984805059826,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":60554,"dest_ip":"172.217.27.14","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"encrypted-tbn2.gstatic.com","ja3":{"hash":"b719940c5ab9a3373cb4475d8143ff88","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-43-13-45-28-57-21,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["encrypted-tbn2.gstatic.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"padding","type":21}]}}
{"timestamp":"2023-07-22T08:48:51.819549+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:51.841061+0800","flow_id":1079058658277408,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":59318,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"encrypted-tbn0.gstatic.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["encrypted-tbn0.gstatic.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:51.870181+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:51.876466+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:51.876628+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.057787+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.117651+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.117940+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.117524+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.130174+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.174779+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.181587+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.181795+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.235469+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.361025+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.364805+0800","flow_id":1285350802377892,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":51998,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":5793,"rrname":"autopush.prod.mozaws.net","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.365718+0800","flow_id":1289273119374764,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":32800,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":35602,"rrname":"autopush.prod.mozaws.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.420509+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.426674+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.426674+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.453451+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.486185+0800","flow_id":1243726611291373,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":35946,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":30134,"rrname":"autopush.prod.mozaws.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.508163+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.558314+0800","flow_id":1272044605037684,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":45340,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":9250,"rrname":"rr1---sn-jhi3-i3bd.googlevideo.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.558541+0800","flow_id":1273019210394907,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50590,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":36191,"rrname":"rr1---sn-jhi3-i3bd.googlevideo.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.601485+0800","flow_id":1175985737073413,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":55755,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":20140,"rrname":"rr1.sn-jhi3-i3bd.googlevideo.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.659459+0800","flow_id":1143506250123389,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53643,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1397,"rrname":"rr1.sn-jhi3-i3bd.googlevideo.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:52.687522+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.687731+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.707744+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.714161+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.714294+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.761603+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.780696+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.791062+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.803328+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.813412+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.869908+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.870137+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.870240+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.933579+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.933789+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:52.988347+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.994114+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.994210+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:52.999867+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.060843+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.065497+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.120379+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.120749+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.121092+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.195521+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.204766+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.238345+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.238344+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.273365+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1050408870,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.273133+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":574495532,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.403975+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.415943+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.514018+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.540253+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.580732+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1050408870,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.580733+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":574495532,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.687658+0800","flow_id":463115657752626,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.11.104.223","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:17.173363+0800","end":"2023-07-22T08:48:17.173363+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:53.696376+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.696652+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.711366+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.730176+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.736490+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.773744+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.811795+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.852447+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.959026+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:53.959432+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.132031+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":2249604229,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:48:54.235245+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.469447+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.627366+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.666577+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.718668+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.793945+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.818443+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.823833+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.829792+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.902632+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.902657+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:54.902794+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.080819+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.145760+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.150115+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.150304+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.162585+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.543751+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:55.556278+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.589030+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":574495532,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.600534+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1050408870,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.713967+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.714310+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.759772+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.782004+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.791941+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.810150+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.810316+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.969436+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.974108+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:55.980443+0800","flow_id":2240646943011241,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":48660,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":43937,"rrname":"fonts.gstatic.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:55.981486+0800","flow_id":2245128175514179,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":43007,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":22453,"rrname":"jnn-pa.googleapis.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:55.981438+0800","flow_id":2244922120739109,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":43565,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":49479,"rrname":"jnn-pa.googleapis.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:55.980478+0800","flow_id":2240797336320905,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":45780,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":39304,"rrname":"fonts.gstatic.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:56.027912+0800","flow_id":119881444494360,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":37267,"dest_ip":"172.217.24.106","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"jnn-pa.googleapis.com","ja3":{"hash":"b719940c5ab9a3373cb4475d8143ff88","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-43-13-45-28-57-21,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["jnn-pa.googleapis.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"padding","type":21}]}}
{"timestamp":"2023-07-22T08:48:56.039484+0800","flow_id":169583786466263,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":44604,"dest_ip":"142.250.204.99","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"fonts.gstatic.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["fonts.gstatic.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:56.106629+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6872,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.110678+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.110927+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.103444+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.248817+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.306663+0800","flow_id":191210115572739,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":39603,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":14043,"rrname":"rr4---sn-i3belne6.googlevideo.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:56.306664+0800","flow_id":191212724216654,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":35274,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":31434,"rrname":"rr4---sn-i3belne6.googlevideo.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:56.353656+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.353656+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.357262+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:48:56.357810+0800","flow_id":129407620124762,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":59180,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":24957,"rrname":"yt3.ggpht.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:56.358123+0800","flow_id":130752304860841,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":38250,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":4202,"rrname":"yt3.ggpht.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:48:56.395848+0800","flow_id":11304388647414,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":60414,"dest_ip":"216.58.203.65","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"yt3.ggpht.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["yt3.ggpht.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:48:56.407135+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.409497+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.416032+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.552410+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.562106+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.587006+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.654612+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.666476+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.666476+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.840590+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.852349+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.905836+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.919161+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:56.962362+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.058070+0800","flow_id":1493692153797503,"in_iface":"eth2","event_type":"flow","src_ip":"fe80:0000:0000:0000:68ba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":420,"bytes_toclient":0,"start":"2023-07-22T08:47:49.806529+0800","end":"2023-07-22T08:48:26.777305+0800","age":37,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:57.089568+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.127257+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.127513+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.127483+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.165038+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.222496+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.388659+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.389126+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.389600+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.570096+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.679552+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2632516341,"tcpack":1764988198,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.726725+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.726724+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.761724+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.762104+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.793930+0800","flow_id":746054256215060,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"47.243.51.23","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:26.173704+0800","end":"2023-07-22T08:48:26.173704+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:57.981788+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:57.986871+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.238002+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.568879+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.744426+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.811670+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":150686322,"tcpack":664533569,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.822688+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3334843322,"tcpack":372804769,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:58.888983+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.143887+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.155379+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.160700+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.160899+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.161075+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.161294+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.161294+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.161527+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.178351+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.398798+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.414349+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.414441+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.414723+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.414862+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1476013466,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.415143+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.622866+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":574495532,"tcpack":689594488,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.632756+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1050408870,"tcpack":1840866801,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.653469+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.760371+0800","event_type":"stats","stats":{"uptime":72,"capture":{"kernel_packets":1822,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":358643,"poll_signal":0,"poll_timeout":10415,"poll_data":348228,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2311,"bytes":1227002,"invalid":0,"ipv4":2023,"ipv6":37,"ethernet":2311,"arp":107,"unknown_ethertype":144,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":661,"udp":1358,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":37,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":530,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":244,"synack":385,"rst":13,"active_sessions":60,"sessions":60,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":60,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705088,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":337,"active":249,"tcp":122,"udp":200,"icmpv4":2,"icmpv6":13,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":1,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":88,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":0,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":9,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":372,"flows_notimeout":285,"flows_timeout":87,"flows_evicted":87,"flows_evicted_needs_work":0},"spare":9887,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":87,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":30,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":68,"nfs_udp":0,"krb5_udp":0,"failed_udp":86},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":15,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":70,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:48:59.786612+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.815580+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:48:59.859424+0800","flow_id":1190638504310332,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":37029,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:48:28.735969+0800","end":"2023-07-22T08:48:28.735969+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:59.859822+0800","flow_id":828271260339050,"in_iface":"eth2","event_type":"flow","src_ip":"47.243.51.23","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:26.192846+0800","end":"2023-07-22T08:48:26.192846+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:48:59.909336+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":667715700,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:00.259668+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:00.615206+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:00.862913+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:00.874281+0800","flow_id":1296334934649056,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50676,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:48:28.563970+0800","end":"2023-07-22T08:48:28.563970+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:01.175075+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.206688+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.414798+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.421327+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.426406+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.493931+0800","flow_id":178250002696119,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:7c0d:b9ff:fe07:7405","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":350,"bytes_toclient":0,"start":"2023-07-22T08:47:52.434718+0800","end":"2023-07-22T08:48:28.792753+0800","age":36,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:01.760015+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3643478569,"tcpack":724577720,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.760014+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":966724682,"tcpack":862125438,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.778051+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":1012594120,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:01.900870+0800","flow_id":1271435652120521,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50676,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:28.558173+0800","end":"2023-07-22T08:48:28.558173+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:02.014012+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":328563946,"tcpack":3326851535,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:02.017415+0800","flow_id":1763646998877658,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":43884,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":17211,"rrname":"www.reddit.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:02.017415+0800","flow_id":1763647542561316,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":37740,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":21581,"rrname":"www.reddit.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:02.020095+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"drop","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":120,"ipid":0,"tcpseq":3130863632,"tcpack":2599592516,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:02.048234+0800","flow_id":1896014029177591,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":59571,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":50541,"rrname":"reddit.map.fastly.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:02.130868+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":48,"ipid":0,"tcpseq":226269521,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:02.313260+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:02.381867+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":2186457085,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:02.591748+0800","flow_id":1697114017237561,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50678,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1696,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:02.928281+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:02.984019+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2197291545,"tcpack":880822602,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.126146+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":48,"ipid":0,"tcpseq":226269521,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.170854+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.175669+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.181328+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.181313+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.192854+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.249636+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4166588378,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.249951+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.249886+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.386842+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":2186457085,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.431530+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.441982+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.497136+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.497482+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.497772+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.715427+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.820490+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:03.957795+0800","flow_id":1953324952094517,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41868,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:47:58.913545+0800","end":"2023-07-22T08:48:02.005948+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:04.784568+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1645836236,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:04.989186+0800","flow_id":429487469602331,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:374b:175a:2f40:bba1","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":350,"bytes_toclient":0,"start":"2023-07-22T08:47:53.231069+0800","end":"2023-07-22T08:48:30.173355+0800","age":37,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:05.035422+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3055020837,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:05.642018+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:06.346305+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3712289570,"tcpack":656674890,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:06.661254+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:06.811126+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:07.079642+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3628409530,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.241505+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.256728+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.287996+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.340852+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4027769290,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.341058+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1702493463,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.341266+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3073540060,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.352888+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3869908451,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.503069+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.560437+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.567233+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.588245+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":336540036,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.588462+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1546814294,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.598732+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542177444,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.766950+0800","event_type":"stats","stats":{"uptime":80,"capture":{"kernel_packets":2452,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":391308,"poll_signal":0,"poll_timeout":11599,"poll_data":379709,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2457,"bytes":1238118,"invalid":0,"ipv4":2146,"ipv6":40,"ethernet":2457,"arp":114,"unknown_ethertype":157,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":771,"udp":1371,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":503,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":276,"synack":463,"rst":13,"active_sessions":62,"sessions":63,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":63,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705760,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":354,"active":258,"tcp":128,"udp":210,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":2,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":96,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":1,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":10,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":474,"flows_notimeout":380,"flows_timeout":94,"flows_evicted":94,"flows_evicted_needs_work":0},"spare":9894,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":94,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":32,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":72,"nfs_udp":0,"krb5_udp":0,"failed_udp":90},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":16,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":74,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:07.811203+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.842930+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4052300178,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:07.899578+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542177444,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:08.055821+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2726805695,"tcpack":3551386493,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:08.055822+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":4170395282,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:08.104277+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1814690098,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:08.408641+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1814690098,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:08.841086+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:09.086090+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":4170395282,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:09.242806+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:09.845828+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:09.956114+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542177444,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:10.118881+0800","flow_id":738929403525063,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":40994,"dest_ip":"13.251.3.40","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:02.040973+0800","end":"2023-07-22T08:48:05.038173+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:10.119435+0800","flow_id":2023239739406757,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":52905,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":119,"bytes_toclient":0,"start":"2023-07-22T08:48:39.471072+0800","end":"2023-07-22T08:48:39.471072+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:10.442387+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1814690098,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.134159+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":4170395282,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.148492+0800","flow_id":2231058968123053,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41868,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:47:59.126242+0800","end":"2023-07-22T08:48:06.468777+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:11.249692+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.438602+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2163637452,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.438964+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":595132403,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.438820+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1441506474,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.685464+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2845011294,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.685667+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3677832385,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.697045+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4134150873,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.738732+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":595132403,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:11.852965+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:12.174941+0800","flow_id":1673394319304760,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51209,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:47:57.520689+0800","end":"2023-07-22T08:48:09.132642+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:12.175709+0800","flow_id":701137352501974,"in_iface":"eth2","event_type":"flow","src_ip":"13.251.3.40","src_port":443,"dest_ip":"192.168.0.100","dest_port":40994,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:02.097710+0800","end":"2023-07-22T08:48:11.270022+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:12.176188+0800","flow_id":1944799483048380,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4978,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:06.059592+0800","end":"2023-07-22T08:48:09.259197+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:12.176631+0800","flow_id":379859322582505,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46258,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:01.743802+0800","end":"2023-07-22T08:48:11.293446+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:12.952527+0800","flow_id":150424177379253,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":43701,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":17279,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:12.952950+0800","flow_id":152240833512293,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":8533,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":4221,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:13.094116+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:13.105273+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:13.204926+0800","flow_id":388933228944393,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":53718,"dest_ip":"27.185.201.156","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:01.483771+0800","end":"2023-07-22T08:48:10.639202+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:13.253427+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.259112+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.300604+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.311512+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.507324+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.519364+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.714180+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.724031+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.802551+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":595132403,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:13.897781+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:13.989108+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542177444,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.123725+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.150552+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.151026+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.151027+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.229794+0800","flow_id":335064385448364,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":34120,"dest_ip":"125.64.3.135","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:01.667837+0800","end":"2023-07-22T08:48:11.222644+0800","age":10,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:14.230777+0800","flow_id":322031699230868,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":46258,"dest_ip":"27.185.201.156","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:01.664802+0800","end":"2023-07-22T08:48:11.222903+0800","age":10,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:14.231175+0800","flow_id":1212610857992415,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.89.198","src_port":443,"dest_ip":"192.168.0.120","dest_port":48416,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:04.544476+0800","end":"2023-07-22T08:48:13.761481+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:14.231764+0800","flow_id":813140549699655,"in_iface":"eth2","event_type":"flow","src_ip":"205.189.160.58","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:42.189324+0800","end":"2023-07-22T08:48:42.189324+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:14.473925+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1814690098,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:14.907301+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:15.167325+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":4170395282,"tcpack":3972466846,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:15.258388+0800","flow_id":30350169348359,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":39960,"dest_ip":"13.228.231.9","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:08.072602+0800","end":"2023-07-22T08:48:11.068046+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:15.258970+0800","flow_id":1556987333319659,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":55564,"dest_ip":"159.138.85.194","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:05.100370+0800","end":"2023-07-22T08:48:14.295057+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:15.259849+0800","flow_id":478271561082340,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":44052,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:01.570108+0800","end":"2023-07-22T08:48:10.735921+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:15.261890+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:15.773311+0800","event_type":"stats","stats":{"uptime":88,"capture":{"kernel_packets":2569,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":417954,"poll_signal":0,"poll_timeout":12972,"poll_data":404982,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2579,"bytes":1248661,"invalid":0,"ipv4":2246,"ipv6":40,"ethernet":2579,"arp":116,"unknown_ethertype":177,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":862,"udp":1380,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":484,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":309,"synack":521,"rst":13,"active_sessions":60,"sessions":67,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":67,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705536,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":370,"active":262,"tcp":136,"udp":218,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":2,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":108,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":7,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":12,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":528,"flows_notimeout":422,"flows_timeout":106,"flows_evicted":106,"flows_evicted_needs_work":0},"spare":9906,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":106,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":36,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":74,"nfs_udp":0,"krb5_udp":0,"failed_udp":92},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":18,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":76,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:15.915652+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:16.006531+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:16.006304+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:16.105333+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1924382772,"tcpack":1944328293,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:16.142099+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:16.148484+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:16.285767+0800","flow_id":1559237059096723,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":49880,"dest_ip":"159.138.85.194","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:05.100894+0800","end":"2023-07-22T08:48:14.294826+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:16.286053+0800","flow_id":1617477990428988,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51209,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:47:57.573206+0800","end":"2023-07-22T08:48:15.263493+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:16.286529+0800","flow_id":1248950642229138,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":56470,"dest_ip":"159.138.85.194","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:04.487401+0800","end":"2023-07-22T08:48:13.715558+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:16.287021+0800","flow_id":2222134817081651,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":71,"bytes_toclient":0,"start":"2023-07-22T08:48:39.451845+0800","end":"2023-07-22T08:48:39.451845+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:16.999310+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:16.999533+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:17.107285+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:17.255794+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:17.312316+0800","flow_id":1957933659083702,"in_iface":"eth2","event_type":"flow","src_ip":"45.125.1.20","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:46.193722+0800","end":"2023-07-22T08:48:46.193722+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:17.312580+0800","flow_id":417528234267800,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":44052,"dest_ip":"27.185.201.156","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:01.490429+0800","end":"2023-07-22T08:48:10.639163+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:17.312942+0800","flow_id":1871882128677750,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.125.1.20","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:46.173687+0800","end":"2023-07-22T08:48:46.173687+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:17.313515+0800","flow_id":502683678044030,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.120","dest_port":53718,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:01.575792+0800","end":"2023-07-22T08:48:10.735541+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:17.372697+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":1591058213,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:17.622137+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":884844221,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:17.834254+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":595132403,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.017375+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.027431+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.230827+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":1221249738,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.243952+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2633722819,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.342742+0800","flow_id":425887794297131,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.122","dest_port":34120,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:01.754519+0800","end":"2023-07-22T08:48:11.304778+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:18.343492+0800","flow_id":1701892046161419,"in_iface":"eth2","event_type":"flow","src_ip":"58.176.194.96","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:46.199644+0800","end":"2023-07-22T08:48:46.199644+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:18.343860+0800","flow_id":1742836173473812,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4978,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:06.274713+0800","end":"2023-07-22T08:48:15.618698+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:18.398920+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":1591058213,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:18.642719+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":884844221,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:19.034853+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:19.034852+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:19.119803+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:19.370164+0800","flow_id":1027519199354034,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"203.9.150.169","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:43.173701+0800","end":"2023-07-22T08:48:43.173701+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:19.371054+0800","flow_id":1644022263559948,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50677,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:48:45.579386+0800","end":"2023-07-22T08:48:45.579386+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:19.371609+0800","flow_id":746138562509951,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"205.189.160.58","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:42.173723+0800","end":"2023-07-22T08:48:42.173723+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:19.608253+0800","flow_id":2049477770111923,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50679,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1697,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:20.400417+0800","flow_id":1249622725148039,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":48416,"dest_ip":"94.74.89.198","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:04.487558+0800","end":"2023-07-22T08:48:13.713388+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:20.401023+0800","flow_id":386639597977744,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.220.13","src_port":443,"dest_ip":"192.168.0.177","dest_port":34069,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":20,"pkts_toclient":0,"bytes_toserver":7620,"bytes_toclient":0,"start":"2023-07-22T08:48:49.679845+0800","end":"2023-07-22T08:48:49.983877+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.401355+0800","flow_id":1224097110343984,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":55939,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:48:44.088399+0800","end":"2023-07-22T08:48:44.088399+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.401663+0800","flow_id":1516884924678710,"in_iface":"eth2","event_type":"flow","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":55564,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":528,"bytes_toclient":0,"start":"2023-07-22T08:48:05.156569+0800","end":"2023-07-22T08:48:18.946324+0800","age":13,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:20.401993+0800","flow_id":1990732275499889,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.82","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:47.201359+0800","end":"2023-07-22T08:48:47.201359+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.402429+0800","flow_id":291566759561244,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":43777,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":71,"bytes_toclient":0,"start":"2023-07-22T08:48:49.264493+0800","end":"2023-07-22T08:48:49.264493+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.402666+0800","flow_id":1908511250696275,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41872,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:14.313287+0800","end":"2023-07-22T08:48:17.365825+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:20.402918+0800","flow_id":193815144220971,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":44558,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":75,"bytes_toclient":0,"start":"2023-07-22T08:48:48.897094+0800","end":"2023-07-22T08:48:48.897094+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.403091+0800","flow_id":106173017803240,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":44558,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":221,"bytes_toclient":0,"start":"2023-07-22T08:48:48.942224+0800","end":"2023-07-22T08:48:48.942224+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.403267+0800","flow_id":193814073560069,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":42596,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":75,"bytes_toclient":0,"start":"2023-07-22T08:48:48.897093+0800","end":"2023-07-22T08:48:48.897093+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.403538+0800","flow_id":1297622619098,"in_iface":"eth2","event_type":"flow","src_ip":"13.228.231.9","src_port":443,"dest_ip":"192.168.0.100","dest_port":39960,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:08.131374+0800","end":"2023-07-22T08:48:17.395345+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:20.403730+0800","flow_id":1114266870142481,"in_iface":"eth2","event_type":"flow","src_ip":"203.9.150.169","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:43.193899+0800","end":"2023-07-22T08:48:43.193899+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.403934+0800","flow_id":308577857231224,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":38455,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":88,"bytes_toclient":0,"start":"2023-07-22T08:48:49.399526+0800","end":"2023-07-22T08:48:49.399526+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.404191+0800","flow_id":78526596964430,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":42596,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":365,"bytes_toclient":0,"start":"2023-07-22T08:48:48.935787+0800","end":"2023-07-22T08:48:48.935787+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:20.921803+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3905480675,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.034415+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.088876+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.161703+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":29258025,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.230956+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3905480675,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.319956+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":846591040,"tcpack":657484254,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:21.429666+0800","flow_id":326855786098781,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50450,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":79,"bytes_toclient":0,"start":"2023-07-22T08:48:49.600390+0800","end":"2023-07-22T08:48:49.600390+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:21.430110+0800","flow_id":415626064360524,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":43777,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":327,"bytes_toclient":0,"start":"2023-07-22T08:48:49.293378+0800","end":"2023-07-22T08:48:49.293378+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:21.430487+0800","flow_id":1871876005623774,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"58.176.194.96","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:46.173686+0800","end":"2023-07-22T08:48:46.173686+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:21.464499+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":29258025,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:22.455728+0800","flow_id":1515099852113944,"in_iface":"eth2","event_type":"flow","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.122","dest_port":49880,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":528,"bytes_toclient":0,"start":"2023-07-22T08:48:05.156153+0800","end":"2023-07-22T08:48:18.536726+0800","age":13,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:22.456367+0800","flow_id":880242128390297,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53812,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":114,"bytes_toclient":0,"start":"2023-07-22T08:48:51.794771+0800","end":"2023-07-22T08:48:51.794771+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.456703+0800","flow_id":1240792446339433,"in_iface":"eth2","event_type":"flow","src_ip":"159.138.85.194","src_port":80,"dest_ip":"192.168.0.120","dest_port":56470,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":528,"bytes_toclient":0,"start":"2023-07-22T08:48:04.551038+0800","end":"2023-07-22T08:48:18.025231+0800","age":14,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:22.456913+0800","flow_id":508515040299386,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":34069,"dest_ip":"142.251.220.13","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":11,"pkts_toclient":0,"bytes_toserver":3121,"bytes_toclient":0,"start":"2023-07-22T08:48:49.642685+0800","end":"2023-07-22T08:48:49.939400+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.457406+0800","flow_id":326857031619485,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53680,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":79,"bytes_toclient":0,"start":"2023-07-22T08:48:49.600390+0800","end":"2023-07-22T08:48:49.600390+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.457810+0800","flow_id":461983922460511,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50450,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":95,"bytes_toclient":0,"start":"2023-07-22T08:48:49.631852+0800","end":"2023-07-22T08:48:49.631852+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.458170+0800","flow_id":1622787124304606,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50677,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:45.574442+0800","end":"2023-07-22T08:48:45.574442+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.458503+0800","flow_id":650515910958330,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":40143,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":99,"bytes_toclient":0,"start":"2023-07-22T08:48:50.872356+0800","end":"2023-07-22T08:48:50.872356+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.458958+0800","flow_id":1007014453125921,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":40274,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":113,"bytes_toclient":0,"start":"2023-07-22T08:48:51.562143+0800","end":"2023-07-22T08:48:51.562143+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.459434+0800","flow_id":891221010360036,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":37476,"dest_ip":"142.250.66.110","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":9,"pkts_toclient":0,"bytes_toserver":2485,"bytes_toclient":0,"start":"2023-07-22T08:48:51.797327+0800","end":"2023-07-22T08:48:51.885471+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.459813+0800","flow_id":927244425045798,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.31.1","src_port":443,"dest_ip":"192.168.0.177","dest_port":54796,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":58,"pkts_toclient":0,"bytes_toserver":76678,"bytes_toclient":0,"start":"2023-07-22T08:48:51.609106+0800","end":"2023-07-22T08:48:51.815942+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.460151+0800","flow_id":440674769774686,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53680,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":107,"bytes_toclient":0,"start":"2023-07-22T08:48:49.626890+0800","end":"2023-07-22T08:48:49.626890+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:22.680866+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:23.215224+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2103905428,"tcpack":3886326903,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.226616+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3996231890,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.255714+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3905480675,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.471624+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":29258025,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.478641+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":692061498,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.479083+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542798123,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.483541+0800","flow_id":574798299870449,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":33329,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":87,"bytes_toclient":0,"start":"2023-07-22T08:48:50.854726+0800","end":"2023-07-22T08:48:50.854726+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.484011+0800","flow_id":573320533064291,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50325,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:48:50.199022+0800","end":"2023-07-22T08:48:50.199022+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.484368+0800","flow_id":334858538007734,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":38455,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":88,"bytes_toclient":0,"start":"2023-07-22T08:48:49.405645+0800","end":"2023-07-22T08:48:49.405645+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.484875+0800","flow_id":959613721659200,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50447,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":101,"bytes_toclient":0,"start":"2023-07-22T08:48:51.551107+0800","end":"2023-07-22T08:48:51.551107+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.485197+0800","flow_id":947530350020727,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53812,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.744902+0800","end":"2023-07-22T08:48:51.744902+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.485391+0800","flow_id":1143506250123389,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53643,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":92,"bytes_toclient":0,"start":"2023-07-22T08:48:52.659459+0800","end":"2023-07-22T08:48:52.659459+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.485576+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3509851206,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.485215+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1825941106,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.491649+0800","flow_id":1165276350466787,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53643,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":92,"bytes_toclient":0,"start":"2023-07-22T08:48:52.664528+0800","end":"2023-07-22T08:48:52.664528+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:23.528538+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3996231890,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.690434+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.726669+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2599180908,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.727004+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3686819252,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.727108+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4095868906,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.780216+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542798123,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.780153+0800","event_type":"stats","stats":{"uptime":96,"capture":{"kernel_packets":2643,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":426488,"poll_signal":0,"poll_timeout":14041,"poll_data":412447,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2647,"bytes":1253844,"invalid":0,"ipv4":2297,"ipv6":40,"ethernet":2647,"arp":118,"unknown_ethertype":192,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":909,"udp":1384,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":473,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":327,"synack":550,"rst":13,"active_sessions":56,"sessions":70,"ssn_memcap_drop":0,"ssn_from_cache":0,"ssn_from_pool":70,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705632,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":383,"active":244,"tcp":142,"udp":225,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":0,"flows_evicted_pkt_inject":0,"flows_evicted":2,"flows_injected":0,"flows_injected_max":0},"end":{"state":{"new":139,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":14,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":12,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":585,"flows_notimeout":448,"flows_timeout":137,"flows_evicted":137,"flows_evicted_needs_work":0},"spare":9937,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":137,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":40,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":75,"nfs_udp":0,"krb5_udp":0,"failed_udp":94},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":20,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":77,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:23.784783+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":692061498,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.791051+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1825941106,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.796012+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3509851206,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:23.978049+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1498290446,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.027717+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3686819252,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.031407+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4095868906,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.037682+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2599180908,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.237611+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3915955563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.265755+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.281323+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1498290446,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:24.510751+0800","flow_id":745866566847720,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.123","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:50.173660+0800","end":"2023-07-22T08:48:50.173660+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.511135+0800","flow_id":881744441855321,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50608,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:48:51.795121+0800","end":"2023-07-22T08:48:51.795121+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.511502+0800","flow_id":668953208704420,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50325,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:48:50.221288+0800","end":"2023-07-22T08:48:50.221288+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.511952+0800","flow_id":981763565114832,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":59318,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":2542,"bytes_toclient":0,"start":"2023-07-22T08:48:51.883944+0800","end":"2023-07-22T08:48:51.949094+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.512373+0800","flow_id":417890829293513,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":59391,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":183,"bytes_toclient":0,"start":"2023-07-22T08:48:49.293905+0800","end":"2023-07-22T08:48:49.293905+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.512755+0800","flow_id":837309362953330,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":40143,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":71,"bytes_toclient":0,"start":"2023-07-22T08:48:50.850311+0800","end":"2023-07-22T08:48:50.850311+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.512979+0800","flow_id":1272044605037684,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45340,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":94,"bytes_toclient":0,"start":"2023-07-22T08:48:52.558314+0800","end":"2023-07-22T08:48:52.558314+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.513267+0800","flow_id":949337919020264,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":55604,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.745322+0800","end":"2023-07-22T08:48:51.745322+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.513587+0800","flow_id":670289649557173,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":35565,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:50.221599+0800","end":"2023-07-22T08:48:50.221599+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.513908+0800","flow_id":745868585033846,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.1","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:50.173661+0800","end":"2023-07-22T08:48:50.173661+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.514306+0800","flow_id":2153456404489416,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.82","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:47.173710+0800","end":"2023-07-22T08:48:47.173710+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.514679+0800","flow_id":1369909939561708,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":141,"bytes_toclient":0,"start":"2023-07-22T08:48:52.581101+0800","end":"2023-07-22T08:48:52.581101+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.514966+0800","flow_id":686873766225219,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48253,"dest_ip":"142.250.207.68","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":1706,"bytes_toclient":0,"start":"2023-07-22T08:48:50.225461+0800","end":"2023-07-22T08:48:50.301647+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.515390+0800","flow_id":837195670251547,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":33329,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":71,"bytes_toclient":0,"start":"2023-07-22T08:48:50.850284+0800","end":"2023-07-22T08:48:50.850284+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.515827+0800","flow_id":946571917290619,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":46750,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.744678+0800","end":"2023-07-22T08:48:51.744678+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:24.543812+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3915955563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.068172+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":567224815,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.122091+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3701140817,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.536361+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3996231890,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.540306+0800","flow_id":291564120207786,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59391,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":71,"bytes_toclient":0,"start":"2023-07-22T08:48:49.264493+0800","end":"2023-07-22T08:48:49.264493+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.540756+0800","flow_id":1698788000233256,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41872,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:14.526601+0800","end":"2023-07-22T08:48:21.831038+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:25.541090+0800","flow_id":893984805059826,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60554,"dest_ip":"172.217.27.14","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":9,"pkts_toclient":0,"bytes_toserver":2744,"bytes_toclient":0,"start":"2023-07-22T08:48:51.797971+0800","end":"2023-07-22T08:48:51.907598+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.541309+0800","flow_id":1289273119374764,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":32800,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2023-07-22T08:48:52.365718+0800","end":"2023-07-22T08:48:52.365718+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.541607+0800","flow_id":1175985737073413,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":55755,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":92,"bytes_toclient":0,"start":"2023-07-22T08:48:52.601485+0800","end":"2023-07-22T08:48:52.601485+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.541813+0800","flow_id":1161710269006665,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":51998,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":100,"bytes_toclient":0,"start":"2023-07-22T08:48:52.467089+0800","end":"2023-07-22T08:48:52.467089+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.542083+0800","flow_id":576907918411667,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.1","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:50.199857+0800","end":"2023-07-22T08:48:50.199857+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.542512+0800","flow_id":948459829629045,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50608,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.745118+0800","end":"2023-07-22T08:48:51.745118+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.542726+0800","flow_id":1023975238766832,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":37476,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":11,"pkts_toclient":0,"bytes_toserver":8150,"bytes_toclient":0,"start":"2023-07-22T08:48:51.828236+0800","end":"2023-07-22T08:48:51.926956+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.542993+0800","flow_id":1308032410882392,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"17.253.84.253","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:52.173478+0800","end":"2023-07-22T08:48:52.173478+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.543204+0800","flow_id":841635489944036,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.207.68","src_port":443,"dest_ip":"192.168.0.177","dest_port":48253,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":9,"pkts_toclient":0,"bytes_toserver":6187,"bytes_toclient":0,"start":"2023-07-22T08:48:50.261494+0800","end":"2023-07-22T08:48:50.314276+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:25.820169+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542798123,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.825258+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":692061498,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.847484+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1825941106,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:25.858998+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3509851206,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.043998+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2599180908,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.075363+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3686819252,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.081058+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4095868906,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.144719+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:26.264619+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.314641+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1498290446,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.568358+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3915955563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:26.569461+0800","flow_id":861611586918610,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50447,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":85,"bytes_toclient":0,"start":"2023-07-22T08:48:51.528289+0800","end":"2023-07-22T08:48:51.528289+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.569954+0800","flow_id":1170039653440634,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":50590,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":182,"bytes_toclient":0,"start":"2023-07-22T08:48:52.600101+0800","end":"2023-07-22T08:48:52.600101+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.570325+0800","flow_id":1754903601389484,"in_iface":"eth2","event_type":"flow","src_ip":"91.108.56.117","src_port":443,"dest_ip":"192.168.0.120","dest_port":42544,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":198,"bytes_toclient":0,"start":"2023-07-22T08:47:50.801811+0800","end":"2023-07-22T08:48:24.595885+0800","age":34,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:26.570720+0800","flow_id":1108044831171328,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":57115,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:48:51.782274+0800","end":"2023-07-22T08:48:51.782274+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.571365+0800","flow_id":1196655604511105,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":55755,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":92,"bytes_toclient":0,"start":"2023-07-22T08:48:52.606298+0800","end":"2023-07-22T08:48:52.606298+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.571509+0800","flow_id":1521919251753935,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4982,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:21.419885+0800","end":"2023-07-22T08:48:24.619326+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:26.571801+0800","flow_id":948453930021370,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35935,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.745117+0800","end":"2023-07-22T08:48:51.745117+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.572133+0800","flow_id":1327992241828473,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":32800,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2023-07-22T08:48:52.374733+0800","end":"2023-07-22T08:48:52.374733+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:26.572603+0800","flow_id":1079058658277408,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59318,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":2233,"bytes_toclient":0,"start":"2023-07-22T08:48:51.841061+0800","end":"2023-07-22T08:48:51.950150+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.144654+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.187473+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.288159+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3905480675,"tcpack":836953098,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.505593+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":29258025,"tcpack":2577758421,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.558069+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1261884186,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.558305+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2769190875,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.568219+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1459587916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.595790+0800","flow_id":2240797336320905,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45780,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":77,"bytes_toclient":0,"start":"2023-07-22T08:48:55.980478+0800","end":"2023-07-22T08:48:55.980478+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.596199+0800","flow_id":799785417162160,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.199.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":41524,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":13,"pkts_toclient":0,"bytes_toserver":10635,"bytes_toclient":0,"start":"2023-07-22T08:48:50.907110+0800","end":"2023-07-22T08:48:51.035158+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.596400+0800","flow_id":507254080323004,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":58363,"dest_ip":"142.251.220.86","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":102,"pkts_toclient":0,"bytes_toserver":11225,"bytes_toclient":0,"start":"2023-07-22T08:48:49.314712+0800","end":"2023-07-22T08:48:56.113912+0800","age":7,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.596726+0800","flow_id":1109085781016582,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":46750,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:48:51.782517+0800","end":"2023-07-22T08:48:51.782517+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.597069+0800","flow_id":104675649307265,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":43007,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":193,"bytes_toclient":0,"start":"2023-07-22T08:48:56.024371+0800","end":"2023-07-22T08:48:56.024371+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.597497+0800","flow_id":98248198965486,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":44604,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":3692,"bytes_toclient":0,"start":"2023-07-22T08:48:56.088411+0800","end":"2023-07-22T08:48:56.154673+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.597915+0800","flow_id":30108340309088,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":48660,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":93,"bytes_toclient":0,"start":"2023-07-22T08:48:56.007010+0800","end":"2023-07-22T08:48:56.007010+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.598336+0800","flow_id":1285350802377892,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":51998,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2023-07-22T08:48:52.364805+0800","end":"2023-07-22T08:48:52.364805+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.598634+0800","flow_id":1109837084675313,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":35935,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":114,"bytes_toclient":0,"start":"2023-07-22T08:48:51.782692+0800","end":"2023-07-22T08:48:51.782692+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.599028+0800","flow_id":37212578172807,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":39603,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":139,"bytes_toclient":0,"start":"2023-07-22T08:48:56.336344+0800","end":"2023-07-22T08:48:56.336344+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.599337+0800","flow_id":814939173933118,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.123","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:50.189742+0800","end":"2023-07-22T08:48:50.189742+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.599654+0800","flow_id":266275017380293,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":59180,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":134,"bytes_toclient":0,"start":"2023-07-22T08:48:56.389676+0800","end":"2023-07-22T08:48:56.389676+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.599975+0800","flow_id":80184653304677,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":43565,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":337,"bytes_toclient":0,"start":"2023-07-22T08:48:56.018669+0800","end":"2023-07-22T08:48:56.018669+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.600417+0800","flow_id":1024702148171259,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":60554,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":12,"pkts_toclient":0,"bytes_toserver":8499,"bytes_toclient":0,"start":"2023-07-22T08:48:51.828406+0800","end":"2023-07-22T08:48:51.949094+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.600591+0800","flow_id":11304388647414,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60414,"dest_ip":"216.58.203.65","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":1779,"bytes_toclient":0,"start":"2023-07-22T08:48:56.395848+0800","end":"2023-07-22T08:48:56.476410+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.600726+0800","flow_id":662663794318082,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":41524,"dest_ip":"142.250.199.78","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":11,"pkts_toclient":0,"bytes_toserver":2520,"bytes_toclient":0,"start":"2023-07-22T08:48:50.875184+0800","end":"2023-07-22T08:48:51.003139+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:27.662135+0800","flow_id":1999424223872940,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":48897,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":26519,"rrname":"safebrowsing.googleapis.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:27.703376+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:27.821859+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2681953858,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.822064+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2264493109,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.834768+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":78858308,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.857575+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1261884186,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.868460+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2769190875,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.873915+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1459587916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:27.952397+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:28.006635+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.127750+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2681953858,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.132549+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2264493109,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.141377+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":78858308,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.257355+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.270271+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.622665+0800","flow_id":1375281545141936,"in_iface":"eth2","event_type":"flow","src_ip":"17.253.84.253","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:52.189135+0800","end":"2023-07-22T08:48:52.189135+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.623089+0800","flow_id":573164581347613,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35565,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:48:50.198986+0800","end":"2023-07-22T08:48:50.198986+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.623534+0800","flow_id":862651392713250,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":40274,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":85,"bytes_toclient":0,"start":"2023-07-22T08:48:51.528531+0800","end":"2023-07-22T08:48:51.528531+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.623856+0800","flow_id":191212724216654,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35274,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":93,"bytes_toclient":0,"start":"2023-07-22T08:48:56.306664+0800","end":"2023-07-22T08:48:56.306664+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.624197+0800","flow_id":947536083215790,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":57115,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:48:51.744903+0800","end":"2023-07-22T08:48:51.744903+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.624630+0800","flow_id":1273019210394907,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":50590,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":94,"bytes_toclient":0,"start":"2023-07-22T08:48:52.558541+0800","end":"2023-07-22T08:48:52.558541+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.624995+0800","flow_id":296535022825549,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":58332,"dest_ip":"192.168.0.1","dest_port":853,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:01.593330+0800","end":"2023-07-22T08:48:21.494888+0800","age":20,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:28.625344+0800","flow_id":1259583865286833,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":35946,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2023-07-22T08:48:52.489877+0800","end":"2023-07-22T08:48:52.489877+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.625704+0800","flow_id":2240646943011241,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48660,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":77,"bytes_toclient":0,"start":"2023-07-22T08:48:55.980443+0800","end":"2023-07-22T08:48:55.980443+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.626091+0800","flow_id":1040877566031346,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":54796,"dest_ip":"172.217.31.1","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":14,"pkts_toclient":0,"bytes_toserver":2677,"bytes_toclient":0,"start":"2023-07-22T08:48:51.570028+0800","end":"2023-07-22T08:48:51.770346+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.626471+0800","flow_id":881049418397738,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":55604,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":114,"bytes_toclient":0,"start":"2023-07-22T08:48:51.794959+0800","end":"2023-07-22T08:48:51.794959+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:28.626967+0800","flow_id":2061331506134560,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":36616,"dest_ip":"125.64.3.135","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:15.676549+0800","end":"2023-07-22T08:48:24.721211+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:28.723168+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:28.979733+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.193169+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.252741+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.459305+0800","flow_id":283850436135219,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":44945,"rrname":"amazon.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:29.567779+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3996231890,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.649228+0800","flow_id":309367683547292,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":360,"bytes_toclient":0,"start":"2023-07-22T08:48:01.596318+0800","end":"2023-07-22T08:48:21.499020+0800","age":20,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:29.649654+0800","flow_id":47992755126866,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":38970,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":247,"pkts_toclient":0,"bytes_toserver":276167,"bytes_toclient":0,"start":"2023-07-22T08:48:48.994214+0800","end":"2023-07-22T08:48:56.420101+0800","age":8,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.650141+0800","flow_id":2110232438441239,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":36616,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:15.753470+0800","end":"2023-07-22T08:48:24.800319+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:29.650603+0800","flow_id":119881444494360,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":37267,"dest_ip":"172.217.24.106","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":21,"pkts_toclient":0,"bytes_toserver":3621,"bytes_toclient":0,"start":"2023-07-22T08:48:56.027912+0800","end":"2023-07-22T08:48:56.246086+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.651180+0800","flow_id":2244922120739109,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":43565,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":81,"bytes_toclient":0,"start":"2023-07-22T08:48:55.981438+0800","end":"2023-07-22T08:48:55.981438+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.651533+0800","flow_id":528007411997567,"in_iface":"eth2","event_type":"flow","src_ip":"fe80:0000:0000:0000:68ba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:48:57.057400+0800","end":"2023-07-22T08:48:57.057400+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.651867+0800","flow_id":169583786466263,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":44604,"dest_ip":"142.250.204.99","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":1900,"bytes_toclient":0,"start":"2023-07-22T08:48:56.039484+0800","end":"2023-07-22T08:48:56.151937+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.652181+0800","flow_id":1243726611291373,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35946,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":84,"bytes_toclient":0,"start":"2023-07-22T08:48:52.486185+0800","end":"2023-07-22T08:48:52.486185+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.652648+0800","flow_id":2198797859037551,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:6cba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":420,"bytes_toclient":0,"start":"2023-07-22T08:47:51.905163+0800","end":"2023-07-22T08:48:57.740962+0800","age":66,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:29.850966+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1542798123,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.856471+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":692061498,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.874551+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2769190875,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.884728+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1825941106,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.891572+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3509851206,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.905658+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1459587916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:29.910677+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1261884186,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.075044+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2599180908,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.107797+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3686819252,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.112453+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4095868906,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.148660+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":78858308,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.163550+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2264493109,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.191057+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2681953858,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.268448+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.345326+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1498290446,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.599875+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3915955563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:30.675799+0800","flow_id":191210115572739,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":39603,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":93,"bytes_toclient":0,"start":"2023-07-22T08:48:56.306663+0800","end":"2023-07-22T08:48:56.306663+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:30.676262+0800","flow_id":125124625704478,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":38970,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":91,"pkts_toclient":0,"bytes_toserver":24767,"bytes_toclient":0,"start":"2023-07-22T08:48:48.946636+0800","end":"2023-07-22T08:48:56.383907+0800","age":8,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:30.730450+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:31.002468+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:31.703991+0800","flow_id":2061334949022171,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":40778,"dest_ip":"125.64.3.134","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:15.676549+0800","end":"2023-07-22T08:48:24.721697+0800","age":9,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:31.704409+0800","flow_id":195268541762212,"in_iface":"eth2","event_type":"flow","src_ip":"216.58.203.65","src_port":443,"dest_ip":"192.168.0.177","dest_port":60414,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":9,"pkts_toclient":0,"bytes_toserver":8025,"bytes_toclient":0,"start":"2023-07-22T08:48:56.438680+0800","end":"2023-07-22T08:48:56.495151+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:31.786830+0800","event_type":"stats","stats":{"uptime":104,"capture":{"kernel_packets":2763,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":449071,"poll_signal":0,"poll_timeout":15264,"poll_data":433807,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2771,"bytes":1263040,"invalid":0,"ipv4":2398,"ipv6":40,"ethernet":2771,"arp":127,"unknown_ethertype":206,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1004,"udp":1390,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":455,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":353,"synack":619,"rst":13,"active_sessions":56,"sessions":73,"ssn_memcap_drop":0,"ssn_from_cache":1,"ssn_from_pool":72,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705632,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":393,"active":160,"tcp":148,"udp":229,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":1,"flows_evicted_pkt_inject":1,"flows_evicted":2,"flows_injected":1,"flows_injected_max":0},"end":{"state":{"new":233,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":17,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":14,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":710,"flows_notimeout":479,"flows_timeout":231,"flows_evicted":231,"flows_evicted_needs_work":1},"spare":10030,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":230,"queue_avg":0,"queue_max":4},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":40,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":77,"nfs_udp":0,"krb5_udp":0,"failed_udp":96},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":20,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":79,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:32.281308+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:32.704906+0800","flow_id":130752304860841,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":38250,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":73,"bytes_toclient":0,"start":"2023-07-22T08:48:56.358123+0800","end":"2023-07-22T08:48:56.358123+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.705221+0800","flow_id":535170813547220,"in_iface":"eth2","event_type":"flow","src_ip":"209.58.185.100","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:57.190140+0800","end":"2023-07-22T08:48:57.190140+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.705405+0800","flow_id":827636030788821,"in_iface":"eth2","event_type":"flow","src_ip":"157.119.101.135","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:58.192699+0800","end":"2023-07-22T08:48:58.192699+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.705612+0800","flow_id":160885632685639,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":43232,"dest_ip":"27.185.201.156","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:16.365139+0800","end":"2023-07-22T08:48:29.701967+0800","age":13,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:32.705842+0800","flow_id":2169454298423016,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":40778,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:15.767259+0800","end":"2023-07-22T08:48:24.811050+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:32.706116+0800","flow_id":268378585785336,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":38250,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":146,"bytes_toclient":0,"start":"2023-07-22T08:48:56.390166+0800","end":"2023-07-22T08:48:56.390166+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.706292+0800","flow_id":66774665750344,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":35274,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":151,"bytes_toclient":0,"start":"2023-07-22T08:48:56.343227+0800","end":"2023-07-22T08:48:56.343227+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.706451+0800","flow_id":363883917568039,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.220.86","src_port":443,"dest_ip":"192.168.0.177","dest_port":58363,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":430,"pkts_toclient":0,"bytes_toserver":578441,"bytes_toclient":0,"start":"2023-07-22T08:48:49.346867+0800","end":"2023-07-22T08:48:56.106629+0800","age":7,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.733822+0800","flow_id":2245128175514179,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":43007,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":81,"bytes_toclient":0,"start":"2023-07-22T08:48:55.981486+0800","end":"2023-07-22T08:48:55.981486+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.733983+0800","flow_id":251607949539454,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":37267,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":62,"pkts_toclient":0,"bytes_toserver":75903,"bytes_toclient":0,"start":"2023-07-22T08:48:56.058582+0800","end":"2023-07-22T08:48:56.274975+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:32.742316+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:32.937898+0800","flow_id":1213492626953159,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":33686,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":30837,"rrname":"safebrowsing.googleapis.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:33.028359+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.256882+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2419583731,"tcpack":3296804684,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.302979+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:33.505944+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":3958351163,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.734344+0800","flow_id":1737387556698479,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51210,"dest_ip":"1.13.11.21","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:48:14.535589+0800","end":"2023-07-22T08:48:26.150258+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:33.734564+0800","flow_id":464424224326065,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"209.58.185.100","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:57.173668+0800","end":"2023-07-22T08:48:57.173668+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.734701+0800","flow_id":1580009558409789,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4982,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:21.630018+0800","end":"2023-07-22T08:48:28.941236+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:33.734826+0800","flow_id":1555482805766071,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:7c0d:b9ff:fe07:7405","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:49:01.493236+0800","end":"2023-07-22T08:49:01.493236+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.759014+0800","flow_id":129407620124762,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59180,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":73,"bytes_toclient":0,"start":"2023-07-22T08:48:56.357810+0800","end":"2023-07-22T08:48:56.357810+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.759627+0800","flow_id":1763646998877658,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":43884,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:49:02.017415+0800","end":"2023-07-22T08:49:02.017415+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.759859+0800","flow_id":202098252815668,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":43232,"proto":"TCP","flow":{"pkts_toserver":13,"pkts_toclient":0,"bytes_toserver":962,"bytes_toclient":0,"start":"2023-07-22T08:48:16.440270+0800","end":"2023-07-22T08:48:31.644340+0800","age":15,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:33.760143+0800","flow_id":228053425888578,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":80,"dest_ip":"192.168.0.122","dest_port":46488,"proto":"TCP","flow":{"pkts_toserver":13,"pkts_toclient":0,"bytes_toserver":962,"bytes_toclient":0,"start":"2023-07-22T08:48:16.446313+0800","end":"2023-07-22T08:48:31.632371+0800","age":15,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:33.760329+0800","flow_id":156313190637793,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":45780,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":105,"bytes_toclient":0,"start":"2023-07-22T08:48:56.036394+0800","end":"2023-07-22T08:48:56.036394+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.760490+0800","flow_id":746098400272643,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"157.119.101.135","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:48:58.173714+0800","end":"2023-07-22T08:48:58.173714+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.760652+0800","flow_id":160889325593334,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":46488,"dest_ip":"27.185.201.156","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:16.365139+0800","end":"2023-07-22T08:48:29.701722+0800","age":13,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:33.760928+0800","flow_id":1028259058854272,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":46124,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:48:59.436018+0800","end":"2023-07-22T08:48:59.436018+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:33.763426+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":3984642788,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.905822+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2769190875,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.938539+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1459587916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:33.938540+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1261884186,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.181296+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":78858308,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.194984+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2264493109,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.223604+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2681953858,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.268568+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.316539+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.327005+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.532634+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":3958351163,"tcpack":488097785,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.779706+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"drop","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":50,"ipid":0,"tcpseq":3984642788,"tcpack":744231031,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:34.785940+0800","flow_id":1768477191877619,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41876,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:30.673899+0800","end":"2023-07-22T08:48:33.792487+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:34.785962+0800","flow_id":1912453885246186,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":37740,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":125,"bytes_toclient":0,"start":"2023-07-22T08:49:02.052061+0800","end":"2023-07-22T08:49:02.052061+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:34.982778+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:35.757801+0800","flow_id":2128834374158605,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53943,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":8849,"rrname":"connectivity-check.ubuntu.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:35.786470+0800","flow_id":1896014029177591,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59571,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":81,"bytes_toclient":0,"start":"2023-07-22T08:49:02.048234+0800","end":"2023-07-22T08:49:02.048234+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:35.786838+0800","flow_id":1711566978532506,"in_iface":"eth2","event_type":"flow","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51210,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:48:14.595113+0800","end":"2023-07-22T08:48:32.291830+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:35.787037+0800","flow_id":691532935120342,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":34578,"dest_ip":"94.74.89.198","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:18.488690+0800","end":"2023-07-22T08:48:30.171602+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:35.787244+0800","flow_id":1920267286137355,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":59571,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":81,"bytes_toclient":0,"start":"2023-07-22T08:49:02.053881+0800","end":"2023-07-22T08:49:02.053881+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:35.809906+0800","flow_id":664549424751812,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":34578,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:18.547943+0800","end":"2023-07-22T08:48:30.234855+0800","age":12,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:35.998720+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:36.297877+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:36.334350+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:36.507435+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:36.624180+0800","flow_id":147559922308115,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50680,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1698,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:36.834503+0800","flow_id":664891578449272,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":59366,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:18.548023+0800","end":"2023-07-22T08:48:30.234856+0800","age":12,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:36.834792+0800","flow_id":1719546740932806,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50678,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:49:02.596971+0800","end":"2023-07-22T08:49:02.596971+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:36.834819+0800","flow_id":1658786657667015,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":34518,"dest_ip":"94.74.90.89","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:21.189608+0800","end":"2023-07-22T08:48:35.573484+0800","age":14,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:36.835406+0800","flow_id":1697114017237561,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50678,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:02.591748+0800","end":"2023-07-22T08:49:02.591748+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:37.006201+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:37.029660+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:37.059498+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4294329006,"tcpack":3811993320,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:37.835958+0800","flow_id":692878066194032,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":59366,"dest_ip":"94.74.90.89","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:18.489003+0800","end":"2023-07-22T08:48:30.171878+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:37.836313+0800","flow_id":464674965428373,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"119.28.230.190","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:05.173726+0800","end":"2023-07-22T08:49:05.173726+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:37.859239+0800","flow_id":1889871556452613,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":43884,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":167,"bytes_toclient":0,"start":"2023-07-22T08:49:02.046804+0800","end":"2023-07-22T08:49:02.046804+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:38.885965+0800","flow_id":540552733808961,"in_iface":"eth2","event_type":"flow","src_ip":"119.28.230.190","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:05.191393+0800","end":"2023-07-22T08:49:05.191393+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:39.015300+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:39.048230+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:39.216899+0800","flow_id":931574455658295,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":59600,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":52222,"rrname":"connectivity-check.ubuntu.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:39.679093+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:39.708689+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:39.795120+0800","event_type":"stats","stats":{"uptime":112,"capture":{"kernel_packets":2857,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":530802,"poll_signal":0,"poll_timeout":16654,"poll_data":514148,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":2859,"bytes":1270910,"invalid":0,"ipv4":2464,"ipv6":40,"ethernet":2859,"arp":130,"unknown_ethertype":225,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1061,"udp":1399,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":444,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":366,"synack":663,"rst":13,"active_sessions":50,"sessions":75,"ssn_memcap_drop":0,"ssn_from_cache":1,"ssn_from_pool":74,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705120,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":406,"active":133,"tcp":152,"udp":238,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":3,"flows_evicted_pkt_inject":3,"flows_evicted":2,"flows_injected":3,"flows_injected_max":0},"end":{"state":{"new":273,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":25,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":15,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":771,"flows_notimeout":500,"flows_timeout":271,"flows_evicted":271,"flows_evicted_needs_work":3},"spare":10068,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":268,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":42,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":80,"nfs_udp":0,"krb5_udp":0,"failed_udp":100},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":21,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":12,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":82,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:39.914174+0800","flow_id":1620073117287843,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":34518,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:21.246130+0800","end":"2023-07-22T08:48:35.629070+0800","age":14,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:39.914435+0800","flow_id":1763647542561316,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":37740,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:49:02.017415+0800","end":"2023-07-22T08:49:02.017415+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:40.330848+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":387957548,"tcpack":658293686,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:40.623590+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1896819944,"tcpack":911540923,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:40.701558+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:40.714821+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:40.939396+0800","flow_id":1590621412698047,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.83","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:09.173737+0800","end":"2023-07-22T08:49:09.173737+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:41.066142+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:41.277129+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:41.705383+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:41.965022+0800","flow_id":1646300058210061,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.122","dest_port":48198,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:21.252237+0800","end":"2023-07-22T08:48:35.640324+0800","age":14,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:42.395088+0800","flow_id":1696892541747112,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":54026,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"www.youtube.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["www.youtube.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:42.702444+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:42.795156+0800","flow_id":1726322911912469,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":43541,"dest_ip":"142.251.220.86","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"i.ytimg.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["i.ytimg.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:42.995451+0800","flow_id":1652660854774678,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.83","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:09.188182+0800","end":"2023-07-22T08:49:09.188182+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:42.996193+0800","flow_id":1656957815944572,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":48198,"dest_ip":"94.74.90.89","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:21.189182+0800","end":"2023-07-22T08:48:35.573484+0800","age":14,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:43.092908+0800","flow_id":2087890843009670,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":54603,"dest_ip":"142.251.220.13","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"accounts.google.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["accounts.google.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:43.106520+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:43.178671+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":248539869,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:43.273378+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:44.020787+0800","flow_id":1590626843891243,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.3","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:09.173738+0800","end":"2023-07-22T08:49:09.173738+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:44.220369+0800","flow_id":102056085725176,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":51223,"dest_ip":"142.250.199.78","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"youtube.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["youtube.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:44.713917+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:44.868031+0800","flow_id":68990661541867,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":58990,"dest_ip":"172.217.31.1","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"yt3.googleusercontent.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["yt3.googleusercontent.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:45.277804+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:45.581245+0800","flow_id":526105876795050,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53456,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":46761,"rrname":"encrypted-tbn1.gstatic.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:45.581245+0800","flow_id":526104013199908,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":56223,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":15550,"rrname":"encrypted-tbn1.gstatic.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:45.782855+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:46.029289+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:46.072206+0800","flow_id":152240833512293,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":8533,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:49:12.952950+0800","end":"2023-07-22T08:49:12.952950+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:46.072955+0800","flow_id":1672959028974125,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.3","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:09.192908+0800","end":"2023-07-22T08:49:09.192908+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:46.073191+0800","flow_id":1826211547864118,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41876,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:30.883950+0800","end":"2023-07-22T08:48:40.258512+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:46.073379+0800","flow_id":270049089249395,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.120","dest_port":8533,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:49:12.980379+0800","end":"2023-07-22T08:49:12.980379+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:46.079130+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:46.335633+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:46.554345+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:46.798298+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.018602+0800","flow_id":924322803799446,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":46273,"dest_ip":"142.250.207.78","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"encrypted-tbn1.gstatic.com","ja3":{"hash":"b719940c5ab9a3373cb4475d8143ff88","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-43-13-45-28-57-21,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["encrypted-tbn1.gstatic.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"padding","type":21}]}}
{"timestamp":"2023-07-22T08:49:47.049392+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.146467+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.282408+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.567904+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.577557+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:47.802293+0800","event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":3218,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":575162,"poll_signal":0,"poll_timeout":17818,"poll_data":557344,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3240,"bytes":1546896,"invalid":0,"ipv4":2827,"ipv6":40,"ethernet":3240,"arp":132,"unknown_ethertype":241,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1100,"udp":1723,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":477,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":377,"synack":691,"rst":13,"active_sessions":54,"sessions":80,"ssn_memcap_drop":0,"ssn_from_cache":3,"ssn_from_pool":77,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705248,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":435,"active":154,"tcp":162,"udp":257,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":4,"flows_evicted_pkt_inject":4,"flows_evicted":2,"flows_injected":4,"flows_injected_max":0},"end":{"state":{"new":281,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":26,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":16,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":798,"flows_notimeout":519,"flows_timeout":279,"flows_evicted":279,"flows_evicted_needs_work":4},"spare":10074,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":275,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":42,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":18,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":83,"nfs_udp":0,"krb5_udp":0,"failed_udp":110},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":21,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":18,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":85,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:48.124120+0800","flow_id":150424177379253,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":43701,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:49:12.952527+0800","end":"2023-07-22T08:49:12.952527+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:48.124685+0800","flow_id":1663439987776810,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4986,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:37.846051+0800","end":"2023-07-22T08:48:41.045846+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:48.125393+0800","flow_id":2096267068088018,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51211,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:48:31.553611+0800","end":"2023-07-22T08:48:43.166441+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:48.823408+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:48.828719+0800","flow_id":1307524615131812,"in_iface":"eth1","event_type":"quic","src_ip":"192.168.0.177","src_port":41495,"dest_ip":"172.217.24.106","dest_port":443,"proto":"UDP","pkt_src":"wire/pcap","quic":{"version":"1","sni":"jnn-pa.googleapis.com","ja3":{"hash":"2a18e6bf307f97c5e27f0ab407dc65db","string":"771,4865-4867-4866,0-23-65281-10-16-5-34-51-42-43-13-45-28-57-41,29-23-24-25-256-257-258-259-260,"},"extensions":[{"name":"server_name","type":0,"values":["jnn-pa.googleapis.com"]},{"name":"extended_master_secret","type":23},{"name":"renegotiation_info","type":65281},{"name":"supported_groups","type":10},{"name":"alpn","type":16,"values":["h3"]},{"name":"status_request","type":5},{"name":"delegated_credentials","type":34},{"name":"key_share","type":51},{"name":"early_data","type":42},{"name":"supported_versions","type":43},{"name":"signature_algorithms","type":13},{"name":"psk_key_exchange_modes","type":45},{"name":"record_size_limit","type":28},{"name":"quic_transport_parameters","type":57},{"name":"pre_shared_key","type":41}]}}
{"timestamp":"2023-07-22T08:49:48.936324+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"drop","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3079941655,"tcpack":497761647,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.063111+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.153367+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:49.283789+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.410503+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:49.458440+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.578276+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.713926+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:49.728665+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:50.179535+0800","flow_id":1871974387340734,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.2","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:18.173709+0800","end":"2023-07-22T08:49:18.173709+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:50.179752+0800","flow_id":251834550901064,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.120","dest_port":43701,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:49:12.976138+0800","end":"2023-07-22T08:49:12.976138+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:50.195716+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:50.407722+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:50.831540+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:51.071512+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:51.180642+0800","flow_id":601025373987842,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":44390,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:49:14.795297+0800","end":"2023-07-22T08:49:14.795297+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:51.204394+0800","flow_id":1936396707888976,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4986,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:38.057636+0800","end":"2023-07-22T08:48:47.369838+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:51.281550+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:51.300100+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":51,"ipid":0,"tcpseq":3783398238,"tcpack":575535466,"tcpwin":65160,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:52.202810+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:52.230603+0800","flow_id":1955141964210946,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.2","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:18.193072+0800","end":"2023-07-22T08:49:18.193072+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:52.429474+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:52.923987+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:53.161724+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:53.321544+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:53.639637+0800","flow_id":495424196509945,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50681,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1699,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:49:53.743931+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":457880647,"tcpack":2672647133,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:53.790345+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:54.251054+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:54.283544+0800","flow_id":150558507099141,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41880,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:48.100590+0800","end":"2023-07-22T08:48:51.286058+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:54.283948+0800","flow_id":2049477770111923,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50679,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:19.608253+0800","end":"2023-07-22T08:49:19.608253+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:54.284152+0800","flow_id":2076236713915225,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50679,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:49:19.614483+0800","end":"2023-07-22T08:49:19.614483+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:54.434493+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:54.803163+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:54.807918+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:55.310725+0800","flow_id":1419204167370709,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":36238,"dest_ip":"34.120.208.123","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:47:49.133826+0800","end":"2023-07-22T08:48:53.233922+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:55.311021+0800","flow_id":2050811258510708,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51211,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:48:31.608563+0800","end":"2023-07-22T08:48:49.283381+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:49:55.630676+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6873,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:55.808771+0800","event_type":"stats","stats":{"uptime":128,"capture":{"kernel_packets":3565,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":610776,"poll_signal":0,"poll_timeout":18930,"poll_data":591846,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3574,"bytes":1774719,"invalid":0,"ipv4":3147,"ipv6":40,"ethernet":3574,"arp":132,"unknown_ethertype":255,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1143,"udp":2000,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":40,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":496,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":398,"synack":713,"rst":13,"active_sessions":55,"sessions":83,"ssn_memcap_drop":0,"ssn_from_cache":4,"ssn_from_pool":79,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705248,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":452,"active":159,"tcp":167,"udp":269,"icmpv4":2,"icmpv6":14,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":6,"flows_evicted_pkt_inject":6,"flows_evicted":2,"flows_injected":6,"flows_injected_max":0},"end":{"state":{"new":293,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":28,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":17,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":849,"flows_notimeout":558,"flows_timeout":291,"flows_evicted":291,"flows_evicted_needs_work":6},"spare":10085,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":285,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":50,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":84,"nfs_udp":0,"krb5_udp":0,"failed_udp":112},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":25,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":86,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:49:56.241965+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.490422+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.688884+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:49:56.747802+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4081657290,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.747425+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3377164554,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.747090+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2470950191,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.764807+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1156045344,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765021+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2151277092,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765375+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3440171,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765621+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":290104983,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765112+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2135386973,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765907+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2443299563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.765711+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1302521129,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.818723+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.976918+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:56.982741+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.051861+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4081657290,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.052061+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3377164554,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.051839+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2470950191,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.072647+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2443299563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.072696+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3440171,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.077617+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2135386973,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.077617+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1302521129,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.066816+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1156045344,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.072556+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2151277092,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.066860+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":290104983,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.214154+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.352322+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":2382485318,"tcpack":659103186,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:57.364439+0800","flow_id":868187564460200,"in_iface":"eth2","event_type":"flow","src_ip":"45.11.104.223","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:23.202140+0800","end":"2023-07-22T08:49:23.202140+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:49:57.365194+0800","flow_id":1173451395754877,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60276,"dest_ip":"182.239.127.168","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:52.666431+0800","end":"2023-07-22T08:48:55.698498+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:57.738190+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:58.302260+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.076163+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2443299563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.089737+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1302521129,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.100741+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2470950191,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.110357+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2151277092,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.113910+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3440171,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.120664+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4081657290,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.120664+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3377164554,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.126255+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":290104983,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.132219+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1156045344,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.137045+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2135386973,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.308801+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1001019672,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:49:59.415985+0800","flow_id":1126788097577292,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60290,"dest_ip":"182.239.127.168","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:52.917710+0800","end":"2023-07-22T08:48:55.954386+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:59.416030+0800","flow_id":399719370595813,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":51380,"dest_ip":"192.168.0.1","dest_port":853,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:01.420746+0800","end":"2023-07-22T08:48:54.128569+0800","age":53,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:49:59.616238+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1001019672,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.266107+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.300889+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.416596+0800","flow_id":411612083791719,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.120","dest_port":51380,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":420,"bytes_toclient":0,"start":"2023-07-22T08:48:01.423515+0800","end":"2023-07-22T08:48:54.132031+0800","age":53,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:00.416904+0800","flow_id":1027482950381618,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.11.104.223","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:23.173693+0800","end":"2023-07-22T08:49:23.173693+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:00.442644+0800","flow_id":2070398464703734,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":48897,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":103,"bytes_toclient":0,"start":"2023-07-22T08:49:27.678660+0800","end":"2023-07-22T08:49:27.678660+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:00.514799+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.863729+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2998010932,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.863956+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3727348916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.864639+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1879500145,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.864027+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2729270001,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.864405+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3316085095,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:00.864304+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2949232003,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.100904+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1189254602,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.106368+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":2873410539,"tcpack":1938216464,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.164571+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2949232003,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.170650+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2998010932,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.176400+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3727348916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.170650+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3316085095,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.170781+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1879500145,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.170781+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2729270001,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.356519+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3482312322,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:01.443157+0800","flow_id":283850436135219,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:49:29.459305+0800","end":"2023-07-22T08:49:29.459305+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:01.443427+0800","flow_id":1665594909020624,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":36252,"dest_ip":"34.120.208.123","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:47:49.387801+0800","end":"2023-07-22T08:48:53.233922+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","tcp_flags_ts":"02","tcp_flags_tc":"00","syn":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:01.469504+0800","flow_id":1172642523865531,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60272,"dest_ip":"182.239.127.168","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:52.666243+0800","end":"2023-07-22T08:48:55.698497+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:01.469572+0800","flow_id":1127830484181688,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":60300,"dest_ip":"182.239.127.168","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:52.917953+0800","end":"2023-07-22T08:48:55.954387+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:01.469772+0800","flow_id":1104791079906287,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":34276,"dest_ip":"125.64.3.134","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:35.388301+0800","end":"2023-07-22T08:48:58.737092+0800","age":23,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:01.469862+0800","flow_id":302680135596453,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":52905,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":118,"bytes_toclient":0,"start":"2023-07-22T08:49:29.463689+0800","end":"2023-07-22T08:49:29.463689+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:01.664341+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1001019672,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:02.301938+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:02.494698+0800","flow_id":1264934024282909,"in_iface":"eth2","event_type":"flow","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60272,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:52.687731+0800","end":"2023-07-22T08:49:01.760015+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:02.495047+0800","flow_id":1999424223872940,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48897,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":87,"bytes_toclient":0,"start":"2023-07-22T08:49:27.662135+0800","end":"2023-07-22T08:49:27.662135+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:03.110464+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2443299563,"tcpack":3225922527,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.120659+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1302521129,"tcpack":2270904086,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.130771+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2470950191,"tcpack":1563178582,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.142669+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2151277092,"tcpack":407765849,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.147344+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":4081657290,"tcpack":1060443933,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.147450+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3377164554,"tcpack":2656666502,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.147343+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3440171,"tcpack":3316410762,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.153676+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":290104983,"tcpack":176478161,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.165859+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1156045344,"tcpack":384691083,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.172134+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2135386973,"tcpack":2428611954,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.184640+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2949232003,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.177792+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3316085095,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.196049+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3727348916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.190425+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2729270001,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.201943+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2998010932,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.226605+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1879500145,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:03.495517+0800","flow_id":261804269474403,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41880,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:48.323100+0800","end":"2023-07-22T08:48:57.679552+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:03.495989+0800","flow_id":901097827440801,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":34276,"proto":"TCP","flow":{"pkts_toserver":14,"pkts_toclient":0,"bytes_toserver":1036,"bytes_toclient":0,"start":"2023-07-22T08:48:35.471947+0800","end":"2023-07-22T08:48:58.822688+0800","age":23,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:03.518947+0800","flow_id":1305304229063041,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":33686,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":115,"bytes_toclient":0,"start":"2023-07-22T08:49:32.959274+0800","end":"2023-07-22T08:49:32.959274+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:03.519315+0800","flow_id":613474204169227,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":35308,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:49:30.142835+0800","end":"2023-07-22T08:49:30.142835+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:03.519501+0800","flow_id":1545928256501303,"in_iface":"eth2","event_type":"flow","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36238,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:47:49.163331+0800","end":"2023-07-22T08:48:59.632756+0800","age":70,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:03.815544+0800","event_type":"stats","stats":{"uptime":136,"capture":{"kernel_packets":3699,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":641429,"poll_signal":0,"poll_timeout":20300,"poll_data":621129,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3703,"bytes":1785480,"invalid":0,"ipv4":3251,"ipv6":42,"ethernet":3703,"arp":136,"unknown_ethertype":274,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1238,"udp":2009,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":42,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":482,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":425,"synack":780,"rst":13,"active_sessions":47,"sessions":84,"ssn_memcap_drop":0,"ssn_from_cache":5,"ssn_from_pool":79,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9705216,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":466,"active":153,"tcp":170,"udp":278,"icmpv4":2,"icmpv6":16,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":12,"flows_evicted_pkt_inject":12,"flows_evicted":2,"flows_injected":12,"flows_injected_max":0},"end":{"state":{"new":313,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":37,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":18,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":933,"flows_notimeout":620,"flows_timeout":313,"flows_evicted":313,"flows_evicted_needs_work":12},"spare":10097,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":299,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":58,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":84,"nfs_udp":0,"krb5_udp":0,"failed_udp":113},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":29,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":86,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:04.302283+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:04.424238+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1056016610,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:04.544338+0800","flow_id":1590303092687892,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"47.243.51.23","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:33.173663+0800","end":"2023-07-22T08:49:33.173663+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:04.544622+0800","flow_id":1264036626286535,"in_iface":"eth2","event_type":"flow","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60276,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:52.687522+0800","end":"2023-07-22T08:49:01.760014+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:04.544759+0800","flow_id":1105965432754953,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":56034,"dest_ip":"27.185.201.156","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:35.388574+0800","end":"2023-07-22T08:48:58.736781+0800","age":23,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:04.686287+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1534785576,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:05.570767+0800","flow_id":2053920016956820,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4990,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:55.543751+0800","end":"2023-07-22T08:49:02.984019+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:05.571093+0800","flow_id":2022457626658441,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4990,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:48:55.339818+0800","end":"2023-07-22T08:48:58.539245+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:05.571151+0800","flow_id":921257727820093,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":56034,"proto":"TCP","flow":{"pkts_toserver":14,"pkts_toclient":0,"bytes_toserver":1036,"bytes_toclient":0,"start":"2023-07-22T08:48:35.476641+0800","end":"2023-07-22T08:48:58.811670+0800","age":23,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:05.697363+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1001019672,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:06.316000+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:06.326012+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:06.595255+0800","flow_id":1658389654408042,"in_iface":"eth2","event_type":"flow","src_ip":"47.243.51.23","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:33.189515+0800","end":"2023-07-22T08:49:33.189515+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:06.595710+0800","flow_id":1449726617391670,"in_iface":"eth2","event_type":"flow","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":36252,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:47:49.403076+0800","end":"2023-07-22T08:48:59.622866+0800","age":70,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:07.206300+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3316085095,"tcpack":3695131078,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.215429+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"drop","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2949232003,"tcpack":3577302899,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.227970+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3727348916,"tcpack":2570752288,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.222716+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2729270001,"tcpack":3721154265,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.234451+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2998010932,"tcpack":2537779004,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.258296+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1879500145,"tcpack":455243356,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:07.620373+0800","flow_id":194312280033264,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51212,"dest_ip":"1.13.11.21","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:48:48.569529+0800","end":"2023-07-22T08:49:00.182886+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:07.620924+0800","flow_id":2128834374158605,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53943,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":89,"bytes_toclient":0,"start":"2023-07-22T08:49:35.757801+0800","end":"2023-07-22T08:49:35.757801+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:08.052122+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:08.298143+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:08.621396+0800","flow_id":1195846254742208,"in_iface":"eth2","event_type":"flow","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60290,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:52.933789+0800","end":"2023-07-22T08:49:02.014012+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:08.646568+0800","flow_id":1140159543924784,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":53018,"dest_ip":"94.74.89.198","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:52.658680+0800","end":"2023-07-22T08:49:07.987754+0800","age":15,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:08.646932+0800","flow_id":1194941631653457,"in_iface":"eth2","event_type":"flow","src_ip":"182.239.127.168","src_port":443,"dest_ip":"192.168.0.177","dest_port":60300,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:52.933579+0800","end":"2023-07-22T08:49:02.020095+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:09.064649+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:09.076392+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:09.672201+0800","flow_id":1138281986160797,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":45228,"dest_ip":"94.74.90.89","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:48:52.658242+0800","end":"2023-07-22T08:49:07.987963+0800","age":15,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:09.672873+0800","flow_id":1213492626953159,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":33686,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":87,"bytes_toclient":0,"start":"2023-07-22T08:49:32.937898+0800","end":"2023-07-22T08:49:32.937898+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:09.673093+0800","flow_id":147559922308115,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50680,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:36.624180+0800","end":"2023-07-22T08:49:36.624180+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:10.654121+0800","flow_id":839103834263623,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50682,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1700,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:10.697071+0800","flow_id":169630392430983,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50680,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:49:36.629319+0800","end":"2023-07-22T08:49:36.629319+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:11.084809+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:11.294012+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:11.724545+0800","flow_id":581994565976004,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41884,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:06.594258+0800","end":"2023-07-22T08:49:09.632643+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:11.725001+0800","flow_id":1009257596178561,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":59600,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":257,"bytes_toclient":0,"start":"2023-07-22T08:49:39.234986+0800","end":"2023-07-22T08:49:39.234986+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:11.822748+0800","event_type":"stats","stats":{"uptime":144,"capture":{"kernel_packets":3775,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":666427,"poll_signal":0,"poll_timeout":21548,"poll_data":644879,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3778,"bytes":1791122,"invalid":0,"ipv4":3299,"ipv6":43,"ethernet":3778,"arp":145,"unknown_ethertype":291,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1280,"udp":2015,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":43,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":474,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":433,"synack":814,"rst":13,"active_sessions":42,"sessions":85,"ssn_memcap_drop":0,"ssn_from_cache":6,"ssn_from_pool":79,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704800,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":475,"active":142,"tcp":172,"udp":284,"icmpv4":2,"icmpv6":17,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":18,"flows_evicted_pkt_inject":18,"flows_evicted":2,"flows_injected":18,"flows_injected_max":0},"end":{"state":{"new":333,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":43,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":19,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":966,"flows_notimeout":637,"flows_timeout":329,"flows_evicted":329,"flows_evicted_needs_work":16},"spare":10112,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":313,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":62,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":85,"nfs_udp":0,"krb5_udp":0,"failed_udp":114},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":31,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":87,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:12.332286+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1654773147,"tcpack":659912754,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:12.750314+0800","flow_id":931574455658295,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59600,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":89,"bytes_toclient":0,"start":"2023-07-22T08:49:39.216899+0800","end":"2023-07-22T08:49:39.216899+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:13.721053+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:13.750844+0800","flow_id":1971028563720710,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53943,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":233,"bytes_toclient":0,"start":"2023-07-22T08:49:35.786595+0800","end":"2023-07-22T08:49:35.786595+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:13.751149+0800","flow_id":204240627498116,"in_iface":"eth2","event_type":"flow","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51212,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:48:48.637377+0800","end":"2023-07-22T08:49:06.346305+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:14.764931+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:14.800159+0800","flow_id":1378451980173069,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":45228,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:48:52.714161+0800","end":"2023-07-22T08:49:08.055821+0800","age":16,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:15.314292+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:15.346750+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:15.500562+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2474404128,"tcpack":1217752448,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:16.347789+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:16.857723+0800","flow_id":398188487014141,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":56223,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":102,"bytes_toclient":0,"start":"2023-07-22T08:49:45.616998+0800","end":"2023-07-22T08:49:45.616998+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:16.858541+0800","flow_id":526105876795050,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53456,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:45.581245+0800","end":"2023-07-22T08:49:45.581245+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:17.244285+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":440377381,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.315653+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.357775+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.495915+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3991248235,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.549262+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":440377381,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.796432+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3991248235,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:17.886029+0800","flow_id":102056085725176,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":51223,"dest_ip":"142.250.199.78","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":1707,"bytes_toclient":0,"start":"2023-07-22T08:49:44.220369+0800","end":"2023-07-22T08:49:44.284180+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:17.886433+0800","flow_id":1726322911912469,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":43541,"dest_ip":"142.251.220.86","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":48,"pkts_toclient":0,"bytes_toserver":7228,"bytes_toclient":0,"start":"2023-07-22T08:49:42.795156+0800","end":"2023-07-22T08:49:45.835027+0800","age":3,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:17.886792+0800","flow_id":1977434489791120,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.220.13","src_port":443,"dest_ip":"192.168.0.177","dest_port":54603,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":20,"pkts_toclient":0,"bytes_toserver":7698,"bytes_toclient":0,"start":"2023-07-22T08:49:43.132727+0800","end":"2023-07-22T08:49:43.444822+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:18.547911+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:18.912309+0800","flow_id":1379022640036363,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.89.198","src_port":80,"dest_ip":"192.168.0.120","dest_port":53018,"proto":"TCP","flow":{"pkts_toserver":11,"pkts_toclient":0,"bytes_toserver":814,"bytes_toclient":0,"start":"2023-07-22T08:48:52.714294+0800","end":"2023-07-22T08:49:15.167325+0800","age":23,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:18.913001+0800","flow_id":1016457311862143,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":46273,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":9,"pkts_toclient":0,"bytes_toserver":7104,"bytes_toclient":0,"start":"2023-07-22T08:49:47.040054+0800","end":"2023-07-22T08:49:47.105011+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:18.913389+0800","flow_id":68990661541867,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":58990,"dest_ip":"172.217.31.1","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":21,"pkts_toclient":0,"bytes_toserver":3199,"bytes_toclient":0,"start":"2023-07-22T08:49:44.868031+0800","end":"2023-07-22T08:49:45.781427+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:18.914132+0800","flow_id":924322803799446,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":46273,"dest_ip":"142.250.207.78","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":2361,"bytes_toclient":0,"start":"2023-07-22T08:49:47.018602+0800","end":"2023-07-22T08:49:47.105734+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:19.013829+0800","flow_id":903820375378227,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":8251,"rrname":"reddit.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:19.310308+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:19.461079+0800","flow_id":903820375378227,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":44135,"rrname":"netflix.com","rrtype":"A","tx_id":1,"opcode":0}}
{"timestamp":"2023-07-22T08:50:19.571696+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":440377381,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:19.829989+0800","event_type":"stats","stats":{"uptime":152,"capture":{"kernel_packets":3808,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":679821,"poll_signal":0,"poll_timeout":22630,"poll_data":657191,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3817,"bytes":1795060,"invalid":0,"ipv4":3326,"ipv6":43,"ethernet":3817,"arp":145,"unknown_ethertype":303,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1300,"udp":2022,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":43,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":470,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":440,"synack":827,"rst":13,"active_sessions":44,"sessions":87,"ssn_memcap_drop":0,"ssn_from_cache":7,"ssn_from_pool":80,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704960,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":486,"active":143,"tcp":176,"udp":291,"icmpv4":2,"icmpv6":17,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":18,"flows_evicted_pkt_inject":18,"flows_evicted":2,"flows_injected":18,"flows_injected_max":0},"end":{"state":{"new":343,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":43,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":20,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":991,"flows_notimeout":650,"flows_timeout":341,"flows_evicted":341,"flows_evicted_needs_work":18},"spare":10123,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":323,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":68,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":85,"nfs_udp":0,"krb5_udp":0,"failed_udp":115},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":34,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":87,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:19.852144+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3991248235,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:19.948034+0800","flow_id":324029634635758,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53456,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":114,"bytes_toclient":0,"start":"2023-07-22T08:49:45.599732+0800","end":"2023-07-22T08:49:45.599732+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:19.948319+0800","flow_id":669012338141674,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41884,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:06.811126+0800","end":"2023-07-22T08:49:16.105333+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:19.948660+0800","flow_id":1867830243225797,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.220.86","src_port":443,"dest_ip":"192.168.0.177","dest_port":43541,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":135,"pkts_toclient":0,"bytes_toserver":171574,"bytes_toclient":0,"start":"2023-07-22T08:49:42.828104+0800","end":"2023-07-22T08:49:45.843428+0800","age":3,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:19.949118+0800","flow_id":415177209672000,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4994,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:13.686489+0800","end":"2023-07-22T08:49:16.885861+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:20.564937+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:20.568870+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2885787874,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:20.805895+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3361009410,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:20.872217+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2885787874,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:20.974104+0800","flow_id":2087890843009670,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":54603,"dest_ip":"142.251.220.13","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":13,"pkts_toclient":0,"bytes_toserver":3262,"bytes_toclient":0,"start":"2023-07-22T08:49:43.092908+0800","end":"2023-07-22T08:49:43.433554+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:20.974989+0800","flow_id":333550058409053,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":35818,"dest_ip":"125.64.3.135","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":296,"bytes_toclient":0,"start":"2023-07-22T08:49:13.012124+0800","end":"2023-07-22T08:49:18.154042+0800","age":5,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:20.975096+0800","flow_id":226907251284212,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.31.1","src_port":443,"dest_ip":"192.168.0.177","dest_port":58990,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":104,"pkts_toclient":0,"bytes_toserver":138560,"bytes_toclient":0,"start":"2023-07-22T08:49:44.904798+0800","end":"2023-07-22T08:49:45.827947+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:20.975782+0800","flow_id":237321585172809,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.199.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":51223,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":3352,"bytes_toclient":0,"start":"2023-07-22T08:49:44.251863+0800","end":"2023-07-22T08:49:44.327756+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:21.111922+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3361009410,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:21.313739+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:22.006268+0800","flow_id":989086095058518,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":37780,"dest_ip":"94.74.90.89","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:15.951185+0800","end":"2023-07-22T08:49:18.966483+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:22.006496+0800","flow_id":1696892541747112,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":54026,"dest_ip":"142.251.130.14","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":48,"pkts_toclient":0,"bytes_toserver":12357,"bytes_toclient":0,"start":"2023-07-22T08:49:42.395088+0800","end":"2023-07-22T08:49:49.258569+0800","age":7,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:22.006884+0800","flow_id":404226839363586,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:49:13.094116+0800","end":"2023-07-22T08:49:18.243952+0800","age":5,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:22.007656+0800","flow_id":358246061590435,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":58444,"dest_ip":"27.185.201.152","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":4,"pkts_toclient":0,"bytes_toserver":296,"bytes_toclient":0,"start":"2023-07-22T08:49:13.017874+0800","end":"2023-07-22T08:49:18.153743+0800","age":5,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:22.880894+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2885787874,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:23.038877+0800","flow_id":1307524615131812,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":41495,"dest_ip":"172.217.24.106","dest_port":443,"proto":"UDP","app_proto":"quic","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":4292,"bytes_toclient":0,"start":"2023-07-22T08:49:48.828719+0800","end":"2023-07-22T08:49:49.228030+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:23.039871+0800","flow_id":550744639952197,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51213,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:49:05.586982+0800","end":"2023-07-22T08:49:17.200146+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:23.040262+0800","flow_id":438624154375564,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":54097,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:49:45.495341+0800","end":"2023-07-22T08:49:45.495341+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:23.040784+0800","flow_id":526104013199908,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":56223,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:45.581245+0800","end":"2023-07-22T08:49:45.581245+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:23.159477+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3361009410,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:23.318712+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:23.604280+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":440377381,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:23.883906+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3991248235,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:24.067836+0800","flow_id":31798308079115,"in_iface":"eth2","event_type":"flow","src_ip":"58.176.194.96","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:52.204011+0800","end":"2023-07-22T08:49:52.204011+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:24.068663+0800","flow_id":288562691083771,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48938,"dest_ip":"34.110.186.80","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:49.657010+0800","end":"2023-07-22T08:49:21.141642+0800","age":32,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:24.657702+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3740746263,"tcpack":1414202353,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:25.095413+0800","flow_id":452144856469593,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:49:13.105273+0800","end":"2023-07-22T08:49:18.230827+0800","age":5,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:25.096039+0800","flow_id":2153427696131250,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"203.9.150.169","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:51.173703+0800","end":"2023-07-22T08:49:51.173703+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:25.096649+0800","flow_id":505649179766019,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51213,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:49:05.642018+0800","end":"2023-07-22T08:49:21.319956+0800","age":16,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:25.331683+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:26.122360+0800","flow_id":1871815131053183,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"205.189.160.58","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:50.173671+0800","end":"2023-07-22T08:49:50.173671+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:26.122843+0800","flow_id":864278317876081,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.82","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:55.201230+0800","end":"2023-07-22T08:49:55.201230+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:26.123417+0800","flow_id":990141964273286,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":49890,"dest_ip":"94.74.90.89","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:15.951431+0800","end":"2023-07-22T08:49:18.966184+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:26.123505+0800","flow_id":514189907252385,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50681,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:49:53.644007+0800","end":"2023-07-22T08:49:53.644007+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:26.123769+0800","flow_id":2205562225481233,"in_iface":"eth2","event_type":"flow","src_ip":"203.9.150.169","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:51.185842+0800","end":"2023-07-22T08:49:51.185842+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:26.123993+0800","flow_id":1878956935468584,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":54026,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":109,"pkts_toclient":0,"bytes_toserver":92377,"bytes_toclient":0,"start":"2023-07-22T08:49:42.437478+0800","end":"2023-07-22T08:49:49.274018+0800","age":7,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:26.912254+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2885787874,"tcpack":3296224975,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:27.148796+0800","flow_id":339293543521832,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48936,"dest_ip":"34.110.186.80","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:48:49.406677+0800","end":"2023-07-22T08:49:20.885685+0800","age":31,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:27.149061+0800","flow_id":478241182773656,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4994,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:13.897781+0800","end":"2023-07-22T08:49:23.215224+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:27.149695+0800","flow_id":183137814509534,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"58.176.194.96","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:52.173712+0800","end":"2023-07-22T08:49:52.173712+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:27.190223+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"drop","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3361009410,"tcpack":3682152478,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:27.371040+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:27.633270+0800","flow_id":1031025089963042,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":42679,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":53174,"rrname":"sirius.mwbsys.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:27.668872+0800","flow_id":902460100059633,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50683,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1701,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:27.841117+0800","event_type":"stats","stats":{"uptime":160,"capture":{"kernel_packets":3876,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":690979,"poll_signal":0,"poll_timeout":24030,"poll_data":666949,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3882,"bytes":1799855,"invalid":0,"ipv4":3356,"ipv6":43,"ethernet":3882,"arp":161,"unknown_ethertype":322,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1324,"udp":2028,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":43,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":463,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":447,"synack":844,"rst":13,"active_sessions":37,"sessions":87,"ssn_memcap_drop":0,"ssn_from_cache":7,"ssn_from_pool":80,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704288,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":490,"active":113,"tcp":176,"udp":295,"icmpv4":2,"icmpv6":17,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":25,"flows_evicted_pkt_inject":25,"flows_evicted":2,"flows_injected":25,"flows_injected_max":0},"end":{"state":{"new":377,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":50,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":21,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1056,"flows_notimeout":681,"flows_timeout":375,"flows_evicted":375,"flows_evicted_needs_work":25},"spare":10150,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":350,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":70,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":86,"nfs_udp":0,"krb5_udp":0,"failed_udp":116},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":35,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":89,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:27.923156+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:28.176899+0800","flow_id":1202951157120158,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":41495,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":39,"pkts_toclient":0,"bytes_toserver":37577,"bytes_toclient":0,"start":"2023-07-22T08:49:48.869907+0800","end":"2023-07-22T08:49:49.269969+0800","age":1,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:28.177180+0800","flow_id":495424196509945,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50681,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:49:53.639637+0800","end":"2023-07-22T08:49:53.639637+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:28.194422+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:28.955132+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:28.968115+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:29.023899+0800","flow_id":903820375378227,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":41168,"rrname":"amazon.com","rrtype":"A","tx_id":2,"opcode":0}}
{"timestamp":"2023-07-22T08:50:29.177830+0800","flow_id":1694923105372231,"in_iface":"eth2","event_type":"flow","src_ip":"205.189.160.58","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:50.198022+0800","end":"2023-07-22T08:49:50.198022+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:29.177819+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:29.203453+0800","flow_id":1152976785714978,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:16.006304+0800","end":"2023-07-22T08:49:25.068172+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:30.201231+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:30.230292+0800","flow_id":2153430428962024,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.123","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.173704+0800","end":"2023-07-22T08:49:59.173704+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:30.230597+0800","flow_id":529388881728438,"in_iface":"eth2","event_type":"flow","src_ip":"45.125.1.20","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:53.188793+0800","end":"2023-07-22T08:49:53.188793+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:30.607384+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:30.727580+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:30.969351+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.195602+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.231194+0800","flow_id":463527992580982,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.125.1.20","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:53.173459+0800","end":"2023-07-22T08:49:53.173459+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:31.231487+0800","flow_id":2153432447148150,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.1","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.173705+0800","end":"2023-07-22T08:49:59.173705+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:31.231784+0800","flow_id":1027603742287048,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.82","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:55.173721+0800","end":"2023-07-22T08:49:55.173721+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:31.255134+0800","flow_id":1153952421477612,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:16.006531+0800","end":"2023-07-22T08:49:25.122091+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:31.255813+0800","flow_id":1505636196908574,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41888,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:25.940382+0800","end":"2023-07-22T08:49:29.045804+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:31.255820+0800","flow_id":2241774681294739,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.1","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.194273+0800","end":"2023-07-22T08:49:59.194273+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:31.403602+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":352701400,"tcpack":660722390,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.563608+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1763967471,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.616775+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.747755+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:31.870297+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1763967471,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:32.282125+0800","flow_id":418358475852912,"in_iface":"eth2","event_type":"flow","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48936,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":0,"bytes_toserver":888,"bytes_toclient":0,"start":"2023-07-22T08:48:49.425086+0800","end":"2023-07-22T08:49:27.288159+0800","age":38,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:32.282477+0800","flow_id":380108404067827,"in_iface":"eth2","event_type":"flow","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":48938,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":0,"bytes_toserver":888,"bytes_toclient":0,"start":"2023-07-22T08:48:49.678324+0800","end":"2023-07-22T08:49:27.505593+0800","age":38,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:32.282750+0800","flow_id":2153428003623256,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"17.253.84.253","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.173704+0800","end":"2023-07-22T08:49:59.173704+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:32.283262+0800","flow_id":2040896554308611,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":38862,"dest_ip":"172.217.27.10","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:27.933935+0800","end":"2023-07-22T08:49:30.970264+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:32.342678+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:32.623407+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:32.986041+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:33.201581+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:33.214130+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:33.308871+0800","flow_id":2223911785320510,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.123","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.190114+0800","end":"2023-07-22T08:49:59.190114+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:33.689459+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:33.927701+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1763967471,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:34.210138+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:34.326749+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:34.335669+0800","flow_id":1747465020235212,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41888,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:26.144719+0800","end":"2023-07-22T08:49:33.256882+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:34.335946+0800","flow_id":2223911248256688,"in_iface":"eth2","event_type":"flow","src_ip":"17.253.84.253","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:49:59.190114+0800","end":"2023-07-22T08:49:59.190114+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:34.336501+0800","flow_id":244852810181773,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":58433,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:50:00.843441+0800","end":"2023-07-22T08:50:00.843441+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:34.606045+0800","flow_id":632620368437177,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":51405,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":43971,"rrname":"www.pcmarket.com.hk","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:34.627583+0800","flow_id":725124609994052,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":53738,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":20288,"rrname":"api.ghostery.net","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:34.627584+0800","flow_id":725128798585556,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":52237,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":18410,"rrname":"api.ghostery.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:34.716767+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:34.856624+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:34.958731+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:35.095665+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.125336+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:35.223451+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.696607+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.737724+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.854207+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.849493+0800","event_type":"stats","stats":{"uptime":168,"capture":{"kernel_packets":3967,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":707108,"poll_signal":0,"poll_timeout":25417,"poll_data":681691,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":3976,"bytes":1808234,"invalid":0,"ipv4":3428,"ipv6":43,"ethernet":3976,"arp":165,"unknown_ethertype":340,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1381,"udp":2043,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":43,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":454,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":469,"synack":879,"rst":13,"active_sessions":43,"sessions":96,"ssn_memcap_drop":0,"ssn_from_cache":14,"ssn_from_pool":82,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704544,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":521,"active":125,"tcp":194,"udp":308,"icmpv4":2,"icmpv6":17,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":28,"flows_evicted_pkt_inject":28,"flows_evicted":2,"flows_injected":28,"flows_injected_max":0},"end":{"state":{"new":396,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":53,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":22,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1093,"flows_notimeout":699,"flows_timeout":394,"flows_evicted":394,"flows_evicted_needs_work":28},"spare":10166,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":366,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":72,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":91,"nfs_udp":0,"krb5_udp":0,"failed_udp":122},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":36,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":95,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:35.964666+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:35.988963+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:36.114155+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:36.237229+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:36.332620+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:36.399544+0800","flow_id":1707444086184831,"in_iface":"eth2","event_type":"flow","src_ip":"fe80:0000:0000:0000:68ba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:49:58.921833+0800","end":"2023-07-22T08:49:58.921833+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:36.399777+0800","flow_id":1971254786662767,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:6cba:73ff:fea0:e476","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:49:59.655576+0800","end":"2023-07-22T08:49:59.655576+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:36.400095+0800","flow_id":1928896238856047,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35516,"dest_ip":"151.101.109.140","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:02.055890+0800","end":"2023-07-22T08:49:33.434619+0800","age":31,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:36.400337+0800","flow_id":1881229739571625,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":35528,"dest_ip":"151.101.109.140","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:02.306935+0800","end":"2023-07-22T08:49:33.690431+0800","age":31,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:36.455253+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":303434062,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:36.455469+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3131895578,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:36.764347+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:36.871327+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.201595+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.418540+0800","flow_id":1164306212999892,"in_iface":"eth2","event_type":"flow","src_ip":"209.58.185.100","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:04.205550+0800","end":"2023-07-22T08:50:04.205550+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:37.418844+0800","flow_id":1417532609025237,"in_iface":"eth2","event_type":"flow","src_ip":"157.119.101.135","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:05.198973+0800","end":"2023-07-22T08:50:05.198973+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:37.419300+0800","flow_id":1969451156594589,"in_iface":"eth2","event_type":"flow","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35516,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:02.130868+0800","end":"2023-07-22T08:49:34.532634+0800","age":32,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:37.466476+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":143551237,"tcpack":3697590224,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.466558+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3131895578,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.472076+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":303434062,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.654385+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:37.654754+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:37.729213+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:37.742050+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.852368+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.864102+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.869970+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.954889+0800","flow_id":1567945479931846,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":48834,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":20155,"rrname":"sirius.mwbsys.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:37.961846+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"drop","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1763967471,"tcpack":260322006,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:37.999472+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.061676+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.071725+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.130828+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.262813+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.273689+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.279339+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.334750+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.445013+0800","flow_id":1308982298444209,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"209.58.185.100","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:04.173699+0800","end":"2023-07-22T08:50:04.173699+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:38.679501+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.683522+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.733522+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:38.746470+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.260491+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.472126+0800","flow_id":980571368425399,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:7c0d:b9ff:fe07:7405","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:50:03.621523+0800","end":"2023-07-22T08:50:03.621523+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:39.473090+0800","flow_id":1590299992105219,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"157.119.101.135","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:05.173662+0800","end":"2023-07-22T08:50:05.173662+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:39.490092+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":2431697352,"tcpack":759551691,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.495327+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":775237028,"tcpack":4133650469,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.515756+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3131895578,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.519426+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":303434062,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.770640+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.824483+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":2565437303,"tcpack":2952712300,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.920679+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:39.951985+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:40.028015+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.161713+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.327758+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.445442+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3131895578,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.445860+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":303434062,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.500165+0800","flow_id":2120190754599125,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38862,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:27.952397+0800","end":"2023-07-22T08:49:37.059498+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:40.748429+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.953555+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.977338+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:40.982263+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:41.533511+0800","flow_id":672500195315536,"in_iface":"eth2","event_type":"flow","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51214,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:49:22.680866+0800","end":"2023-07-22T08:49:40.330848+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:41.534071+0800","flow_id":1921585296563476,"in_iface":"eth2","event_type":"flow","src_ip":"151.101.109.140","src_port":443,"dest_ip":"192.168.0.177","dest_port":35528,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:02.381867+0800","end":"2023-07-22T08:49:34.779706+0800","age":32,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:41.534116+0800","flow_id":622016688936190,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51214,"dest_ip":"1.13.11.21","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:49:22.603576+0800","end":"2023-07-22T08:49:34.215884+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:41.534688+0800","flow_id":1554394251125718,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":4998,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:33.099766+0800","end":"2023-07-22T08:49:36.299202+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:41.837197+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:41.938895+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:42.191026+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:42.333725+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:42.424137+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"drop","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":237,"ipid":0,"tcpseq":670602590,"tcpack":2447396702,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:42.991782+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:43.003790+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:43.288445+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1448032719,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:43.857758+0800","event_type":"stats","stats":{"uptime":176,"capture":{"kernel_packets":4068,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":718867,"poll_signal":0,"poll_timeout":26333,"poll_data":692534,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4071,"bytes":1815359,"invalid":0,"ipv4":3506,"ipv6":44,"ethernet":4071,"arp":169,"unknown_ethertype":352,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1455,"udp":2047,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":44,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":445,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":491,"synack":931,"rst":13,"active_sessions":45,"sessions":102,"ssn_memcap_drop":0,"ssn_from_cache":20,"ssn_from_pool":82,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704672,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":538,"active":123,"tcp":206,"udp":312,"icmpv4":2,"icmpv6":18,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":32,"flows_evicted_pkt_inject":32,"flows_evicted":2,"flows_injected":32,"flows_injected_max":0},"end":{"state":{"new":415,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":57,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":23,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1158,"flows_notimeout":745,"flows_timeout":413,"flows_evicted":413,"flows_evicted_needs_work":32},"spare":10181,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":381,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":74,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":92,"nfs_udp":0,"krb5_udp":0,"failed_udp":123},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":37,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":96,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:44.094708+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":3336014644,"tcpack":2499293603,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:44.351194+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:44.446314+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":303434062,"tcpack":1094145864,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:44.509177+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":3131895578,"tcpack":1701976821,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:44.617912+0800","flow_id":576979257806917,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50682,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:50:10.658626+0800","end":"2023-07-22T08:50:10.658626+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:44.618449+0800","flow_id":1552090546460993,"in_iface":"eth2","event_type":"flow","src_ip":"119.28.230.190","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:13.230302+0800","end":"2023-07-22T08:50:13.230302+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:44.683291+0800","flow_id":1245865493443721,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50684,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1702,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:44.900802+0800","flow_id":1335641998430673,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":48173,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":32952,"rrname":"ff25fb088914b16c708f0a02b6733c9d-1222135310.ap-southeast-1.elb.amazonaws.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:44.948801+0800","flow_id":1260320744832428,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":32800,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":15031,"rrname":"ff25fb088914b16c708f0a02b6733c9d-1222135310.ap-southeast-1.elb.amazonaws.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:50:45.132770+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":3841504507,"tcpack":4106347338,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:45.648875+0800","flow_id":1582763096891204,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":4998,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:33.302979+0800","end":"2023-07-22T08:49:40.623590+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:45.884418+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:45.991472+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:46.241102+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:46.676662+0800","flow_id":839103834263623,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50682,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:50:10.654121+0800","end":"2023-07-22T08:50:10.654121+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:46.677206+0800","flow_id":1100196798697783,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":41334,"dest_ip":"122.248.242.180","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:39.649375+0800","end":"2023-07-22T08:49:42.648929+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:47.184875+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"drop","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":239,"ipid":0,"tcpseq":1383049112,"tcpack":2564977707,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:47.701915+0800","flow_id":2153369502656447,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.83","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:15.173690+0800","end":"2023-07-22T08:50:15.173690+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:47.702753+0800","flow_id":254663288667027,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":41056,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:50:16.190365+0800","end":"2023-07-22T08:50:16.190365+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:47.736624+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:48.383877+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":2789753470,"tcpack":661532094,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:48.730321+0800","flow_id":2225738341079958,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.83","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:15.190540+0800","end":"2023-07-22T08:50:15.190540+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:48.744309+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:49.337449+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.002990+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2618997236,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.003057+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3834834739,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.037459+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":766135381,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.137974+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1250601166,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.309126+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2618997236,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.309125+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3834834739,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.388416+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1826380386,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:50.786029+0800","flow_id":183045801907755,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.3","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:16.173690+0800","end":"2023-07-22T08:50:16.173690+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:50.786543+0800","flow_id":1590540512532629,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"119.28.230.190","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:13.173718+0800","end":"2023-07-22T08:50:13.173718+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:51.357359+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:51.816811+0800","flow_id":1073474550779826,"in_iface":"eth2","event_type":"flow","src_ip":"122.248.242.180","src_port":443,"dest_ip":"192.168.0.100","dest_port":41334,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:39.708689+0800","end":"2023-07-22T08:49:48.936324+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:51.817341+0800","flow_id":27011597029933,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.3","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:16.202897+0800","end":"2023-07-22T08:50:16.202897+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:51.864775+0800","event_type":"stats","stats":{"uptime":184,"capture":{"kernel_packets":4136,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":728801,"poll_signal":0,"poll_timeout":27731,"poll_data":701070,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4142,"bytes":1821989,"invalid":0,"ipv4":3553,"ipv6":44,"ethernet":4142,"arp":175,"unknown_ethertype":370,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1495,"udp":2054,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":44,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":439,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":503,"synack":959,"rst":13,"active_sessions":45,"sessions":103,"ssn_memcap_drop":0,"ssn_from_cache":21,"ssn_from_pool":82,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704800,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":547,"active":124,"tcp":208,"udp":319,"icmpv4":2,"icmpv6":18,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":33,"flows_evicted_pkt_inject":33,"flows_evicted":2,"flows_injected":33,"flows_injected_max":0},"end":{"state":{"new":423,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":58,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":25,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1182,"flows_notimeout":761,"flows_timeout":421,"flows_evicted":421,"flows_evicted_needs_work":33},"spare":10188,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":388,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":74,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":95,"nfs_udp":0,"krb5_udp":0,"failed_udp":127},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":37,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":99,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:52.316025+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2618997236,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:52.363914+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3834834739,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:53.356731+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:53.990815+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:54.895757+0800","flow_id":1992733177856383,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53738,"dest_ip":"185.125.190.18","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:49:35.791649+0800","end":"2023-07-22T08:49:51.095131+0800","age":16,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:55.018436+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:55.030128+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:55.341999+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:55.925734+0800","flow_id":674847822371497,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41892,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:46.353733+0800","end":"2023-07-22T08:49:49.525858+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:56.348347+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2618997236,"tcpack":625243591,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:56.395651+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"drop","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3834834739,"tcpack":2145283298,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:56.952272+0800","flow_id":1065929755652415,"in_iface":"eth2","event_type":"flow","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","flow":{"pkts_toserver":17,"pkts_toclient":0,"bytes_toserver":3791,"bytes_toclient":0,"start":"2023-07-22T08:47:55.182645+0800","end":"2023-07-22T08:49:55.630676+0800","age":120,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:57.039114+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:57.149258+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:57.347458+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:57.979850+0800","flow_id":307605394367234,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.2","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:25.202691+0800","end":"2023-07-22T08:50:25.202691+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:50:57.980320+0800","flow_id":1267740399510632,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":47576,"dest_ip":"34.117.65.55","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.491776+0800","end":"2023-07-22T08:49:56.727206+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:57.979882+0800","flow_id":1094733399726211,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":44898,"dest_ip":"142.250.66.110","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:51.844711+0800","end":"2023-07-22T08:49:56.727206+0800","age":65,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:59.006079+0800","flow_id":692045478575606,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41892,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:46.554345+0800","end":"2023-07-22T08:49:53.743931+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:59.006725+0800","flow_id":2037673139653514,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.190.18","src_port":80,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"TCP","flow":{"pkts_toserver":8,"pkts_toclient":0,"bytes_toserver":592,"bytes_toclient":0,"start":"2023-07-22T08:49:35.998720+0800","end":"2023-07-22T08:49:51.300100+0800","age":16,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:50:59.007306+0800","flow_id":970800459370979,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51215,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:49:39.619248+0800","end":"2023-07-22T08:49:51.231366+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:50:59.347123+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:59.424926+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":507003571,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:50:59.658286+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39067,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:50:59.871343+0800","event_type":"stats","stats":{"uptime":192,"capture":{"kernel_packets":4184,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":733727,"poll_signal":0,"poll_timeout":29132,"poll_data":704595,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4191,"bytes":1825722,"invalid":0,"ipv4":3582,"ipv6":44,"ethernet":4191,"arp":177,"unknown_ethertype":388,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1520,"udp":2058,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":44,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":435,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":512,"synack":974,"rst":13,"active_sessions":41,"sessions":104,"ssn_memcap_drop":0,"ssn_from_cache":21,"ssn_from_pool":83,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9704288,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":554,"active":122,"tcp":211,"udp":323,"icmpv4":2,"icmpv6":18,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":38,"flows_evicted_pkt_inject":38,"flows_evicted":2,"flows_injected":38,"flows_injected_max":0},"end":{"state":{"new":432,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":63,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":25,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1204,"flows_notimeout":777,"flows_timeout":427,"flows_evicted":427,"flows_evicted_needs_work":35},"spare":10192,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":392,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":78,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":95,"nfs_udp":0,"krb5_udp":0,"failed_udp":127},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":39,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":99,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:50:59.893387+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39068,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:00.034746+0800","flow_id":1098171454941476,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48730,"dest_ip":"172.217.27.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:51.845511+0800","end":"2023-07-22T08:49:56.727208+0800","age":65,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:00.035275+0800","flow_id":1097658004763712,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48722,"dest_ip":"172.217.27.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:51.845392+0800","end":"2023-07-22T08:49:56.727207+0800","age":65,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:00.135075+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39069,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:00.441217+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":507003571,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:00.606165+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39070,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:00.829799+0800","flow_id":1312162767328244,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.122","src_port":48098,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":47303,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:00.829491+0800","flow_id":1310840161422774,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.122","src_port":37845,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":58382,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:01.032540+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:01.055884+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:01.061255+0800","flow_id":1025780829551013,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":52905,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":371,"bytes_toclient":0,"start":"2023-07-22T08:50:19.042225+0800","end":"2023-07-22T08:50:29.028330+0800","age":10,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:01.062039+0800","flow_id":64920222202918,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45104,"dest_ip":"142.250.204.99","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.080651+0800","end":"2023-07-22T08:50:00.822906+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:01.062596+0800","flow_id":14484017680837,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45116,"dest_ip":"142.250.204.99","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.331052+0800","end":"2023-07-22T08:50:00.822907+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:01.062965+0800","flow_id":1256862939386108,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48750,"dest_ip":"172.217.27.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.096028+0800","end":"2023-07-22T08:49:56.727208+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:01.208454+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:01.239667+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.261081+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.326312+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":1384739280,"tcpack":212805932,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.355269+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.446352+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.469892+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.582557+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39071,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.654509+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.678340+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:01.697788+0800","flow_id":1589604783277779,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50685,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1703,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:02.061657+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.085218+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.090806+0800","flow_id":927342159639727,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50683,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:50:27.674665+0800","end":"2023-07-22T08:50:27.674665+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:02.091175+0800","flow_id":1275837306351984,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":41200,"dest_ip":"142.251.130.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.034910+0800","end":"2023-07-22T08:49:56.727245+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:02.090830+0800","flow_id":29626793635205,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":56548,"dest_ip":"142.251.220.42","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.334578+0800","end":"2023-07-22T08:50:00.822984+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:02.091659+0800","flow_id":1116250323139591,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":41194,"dest_ip":"142.251.130.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:51.784185+0800","end":"2023-07-22T08:49:56.727246+0800","age":65,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:02.175129+0800","flow_id":18637086165494,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45122,"dest_ip":"142.250.204.99","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.332019+0800","end":"2023-07-22T08:50:00.822908+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:02.226885+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.237535+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.458984+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":507003571,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.885365+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":4174921714,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:02.924687+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":881899052,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:03.115990+0800","flow_id":1721241083889832,"in_iface":"eth2","event_type":"flow","src_ip":"45.11.104.223","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:30.204149+0800","end":"2023-07-22T08:50:30.204149+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:03.116150+0800","flow_id":1254551877240282,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":44902,"dest_ip":"142.250.66.110","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.095490+0800","end":"2023-07-22T08:49:56.727206+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:03.116079+0800","flow_id":1256736340165393,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48738,"dest_ip":"172.217.27.14","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.095998+0800","end":"2023-07-22T08:49:56.727207+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:03.116755+0800","flow_id":464814252152254,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.2","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:25.173759+0800","end":"2023-07-22T08:50:25.173759+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:03.116892+0800","flow_id":1220725663126694,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":47586,"dest_ip":"34.117.65.55","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:52.742974+0800","end":"2023-07-22T08:49:56.727205+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:03.502734+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":125,"tos":0,"ttl":58,"ipid":39072,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:04.145272+0800","flow_id":1031025089963042,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":42679,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":77,"bytes_toclient":0,"start":"2023-07-22T08:50:27.633270+0800","end":"2023-07-22T08:50:27.633270+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:04.146138+0800","flow_id":986661794867240,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41194,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:51.819549+0800","end":"2023-07-22T08:50:03.130771+0800","age":72,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:04.147256+0800","flow_id":520811345804602,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":5002,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:49:53.580012+0800","end":"2023-07-22T08:49:56.779151+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:04.243882+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:04.415714+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:04.661340+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":108,"tos":0,"ttl":57,"ipid":39073,"tcpseq":692071376,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:04.746266+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:05.172180+0800","flow_id":1300738865302964,"in_iface":"eth2","event_type":"flow","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47586,"proto":"TCP","flow":{"pkts_toserver":19,"pkts_toclient":0,"bytes_toserver":1406,"bytes_toclient":0,"start":"2023-07-22T08:48:52.761603+0800","end":"2023-07-22T08:50:03.110464+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:05.172734+0800","flow_id":793212291977544,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":51405,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":201,"bytes_toclient":0,"start":"2023-07-22T08:50:34.643436+0800","end":"2023-07-22T08:50:34.643436+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:05.173129+0800","flow_id":1350974201271751,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48738,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:52.117940+0800","end":"2023-07-22T08:50:03.172134+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:05.173566+0800","flow_id":1015155398481552,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":42679,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":125,"bytes_toclient":0,"start":"2023-07-22T08:50:27.695111+0800","end":"2023-07-22T08:50:27.695111+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:05.174690+0800","flow_id":949645883086967,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48730,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:51.876466+0800","end":"2023-07-22T08:50:03.147343+0800","age":72,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:05.175047+0800","flow_id":1349733794323144,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44902,"proto":"TCP","flow":{"pkts_toserver":19,"pkts_toclient":0,"bytes_toserver":1406,"bytes_toclient":0,"start":"2023-07-22T08:48:52.117651+0800","end":"2023-07-22T08:50:03.120659+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:05.175412+0800","flow_id":1338119739940270,"in_iface":"eth2","event_type":"flow","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":47576,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:52.508163+0800","end":"2023-07-22T08:50:03.142669+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:05.175864+0800","flow_id":902460100059633,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50683,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:50:27.668872+0800","end":"2023-07-22T08:50:27.668872+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:05.385144+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":3115753002,"tcpack":662341866,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:05.769372+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:06.162235+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3919983055,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:06.204900+0800","flow_id":946358258903471,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51215,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:49:39.679093+0800","end":"2023-07-22T08:49:57.352322+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:06.205222+0800","flow_id":2024148279962430,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":51681,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:50:31.536819+0800","end":"2023-07-22T08:50:31.536819+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:06.206028+0800","flow_id":744561873137693,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":53738,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":140,"bytes_toclient":0,"start":"2023-07-22T08:50:34.697644+0800","end":"2023-07-22T08:50:34.697644+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:06.206244+0800","flow_id":1871675952279602,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.11.104.223","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:30.173639+0800","end":"2023-07-22T08:50:30.173639+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:06.206906+0800","flow_id":903820375378227,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":211,"bytes_toclient":0,"start":"2023-07-22T08:50:19.013829+0800","end":"2023-07-22T08:50:29.023899+0800","age":10,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:06.264235+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1766814228,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:06.353539+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:06.515402+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1095832075,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:06.648985+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":507003571,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:07.164182+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3919983055,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:07.233955+0800","flow_id":298284602254041,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5002,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:53.790345+0800","end":"2023-07-22T08:50:01.106368+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:07.234002+0800","flow_id":74099512203883,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":40670,"dest_ip":"172.217.24.106","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.082788+0800","end":"2023-07-22T08:50:00.822908+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:07.234715+0800","flow_id":69342159070944,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":45106,"dest_ip":"142.250.204.99","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:48:56.081680+0800","end":"2023-07-22T08:50:00.822907+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:07.282325+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":181,"tos":0,"ttl":57,"ipid":39074,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:07.307916+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1766814228,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:07.558596+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1095832075,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:07.878442+0800","event_type":"stats","stats":{"uptime":200,"capture":{"kernel_packets":4253,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":741143,"poll_signal":0,"poll_timeout":30059,"poll_data":711084,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4257,"bytes":1832671,"invalid":0,"ipv4":3633,"ipv6":45,"ethernet":4257,"arp":179,"unknown_ethertype":400,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1556,"udp":2073,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":430,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":518,"synack":998,"rst":13,"active_sessions":32,"sessions":108,"ssn_memcap_drop":0,"ssn_from_cache":24,"ssn_from_pool":84,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701728,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":578,"active":115,"tcp":219,"udp":338,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":51,"flows_evicted_pkt_inject":51,"flows_evicted":3,"flows_injected":51,"flows_injected_max":1},"end":{"state":{"new":463,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":76,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":27,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1271,"flows_notimeout":810,"flows_timeout":461,"flows_evicted":461,"flows_evicted_needs_work":51},"spare":10210,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":410,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":86,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":98,"nfs_udp":0,"krb5_udp":0,"failed_udp":131},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":43,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":102,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:08.261626+0800","flow_id":922650848497169,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48722,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:51.870181+0800","end":"2023-07-22T08:50:03.147450+0800","age":72,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:08.353680+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:08.439312+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":460305954,"tcpack":2699910863,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:09.178513+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3919983055,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:09.292353+0800","flow_id":1349188034731632,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":48750,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:52.117524+0800","end":"2023-07-22T08:50:03.147344+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:09.292807+0800","flow_id":632620368437177,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":51405,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":79,"bytes_toclient":0,"start":"2023-07-22T08:50:34.606045+0800","end":"2023-07-22T08:50:34.606045+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:09.293234+0800","flow_id":1782677045749275,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:374b:175a:2f40:bba1","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:50:38.087381+0800","end":"2023-07-22T08:50:38.087381+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:09.293620+0800","flow_id":127054364387501,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.220.42","src_port":443,"dest_ip":"192.168.0.177","dest_port":56548,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:56.357262+0800","end":"2023-07-22T08:50:07.215429+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:09.294142+0800","flow_id":1374096837292686,"in_iface":"eth2","event_type":"flow","src_ip":"142.251.130.14","src_port":443,"dest_ip":"192.168.0.177","dest_port":41200,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:52.057787+0800","end":"2023-07-22T08:50:03.165859+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:09.377147+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1766814228,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:09.461571+0800","flow_id":1419482738870579,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":23150,"rrname":"google.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:09.640194+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1095832075,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:10.321427+0800","flow_id":725128798585556,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":52237,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":76,"bytes_toclient":0,"start":"2023-07-22T08:50:34.627584+0800","end":"2023-07-22T08:50:34.627584+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:10.321950+0800","flow_id":1567945479931846,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48834,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":77,"bytes_toclient":0,"start":"2023-07-22T08:50:37.954889+0800","end":"2023-07-22T08:50:37.954889+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:10.322462+0800","flow_id":950341419977161,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.66.110","src_port":443,"dest_ip":"192.168.0.177","dest_port":44898,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:51.876628+0800","end":"2023-07-22T08:50:03.153676+0800","age":72,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:10.363141+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:11.350312+0800","flow_id":719996533402559,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":52237,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":157,"bytes_toclient":0,"start":"2023-07-22T08:50:34.691925+0800","end":"2023-07-22T08:50:34.691925+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:11.350829+0800","flow_id":725124609994052,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":53738,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":76,"bytes_toclient":0,"start":"2023-07-22T08:50:34.627583+0800","end":"2023-07-22T08:50:34.627583+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:11.351187+0800","flow_id":111568049991605,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45122,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:56.353656+0800","end":"2023-07-22T08:50:07.222716+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:11.351989+0800","flow_id":1318192196612898,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51216,"dest_ip":"1.13.11.21","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:49:56.634595+0800","end":"2023-07-22T08:50:08.246076+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:12.357788+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:12.376977+0800","flow_id":560995445508970,"in_iface":"eth2","event_type":"flow","src_ip":"47.243.51.23","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:41.196152+0800","end":"2023-07-22T08:50:41.196152+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:12.377813+0800","flow_id":162815411822615,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45106,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:56.103444+0800","end":"2023-07-22T08:50:07.234451+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:13.274617+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":3919983055,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:13.408161+0800","flow_id":111570069957493,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45116,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:56.353656+0800","end":"2023-07-22T08:50:07.206300+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:13.409238+0800","flow_id":194954826696313,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.24.106","src_port":443,"dest_ip":"192.168.0.177","dest_port":40670,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:48:56.110927+0800","end":"2023-07-22T08:50:07.258296+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:13.409274+0800","flow_id":2172836587060764,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41896,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:07.833582+0800","end":"2023-07-22T08:50:11.072672+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:13.459195+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1766814228,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:13.719981+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":1095832075,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:14.358933+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:14.434888+0800","flow_id":193884489994801,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.204.99","src_port":443,"dest_ip":"192.168.0.177","dest_port":45104,"proto":"TCP","flow":{"pkts_toserver":19,"pkts_toclient":0,"bytes_toserver":1406,"bytes_toclient":0,"start":"2023-07-22T08:48:56.110678+0800","end":"2023-07-22T08:50:07.227970+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:15.154044+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":181,"tos":0,"ttl":57,"ipid":39075,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:15.463377+0800","flow_id":1727149224326540,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":48834,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":161,"bytes_toclient":0,"start":"2023-07-22T08:50:38.008917+0800","end":"2023-07-22T08:50:38.008917+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:15.464014+0800","flow_id":1260320744832428,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":32800,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":136,"bytes_toclient":0,"start":"2023-07-22T08:50:44.948801+0800","end":"2023-07-22T08:50:44.948801+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:15.887874+0800","event_type":"stats","stats":{"uptime":208,"capture":{"kernel_packets":4313,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":747323,"poll_signal":0,"poll_timeout":31456,"poll_data":715867,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4321,"bytes":1837622,"invalid":0,"ipv4":3671,"ipv6":45,"ethernet":4321,"arp":185,"unknown_ethertype":420,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1584,"udp":2083,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":425,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":526,"synack":1017,"rst":13,"active_sessions":28,"sessions":108,"ssn_memcap_drop":0,"ssn_from_cache":24,"ssn_from_pool":84,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701632,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":588,"active":98,"tcp":219,"udp":348,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":55,"flows_evicted_pkt_inject":55,"flows_evicted":3,"flows_injected":55,"flows_injected_max":1},"end":{"state":{"new":490,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":80,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":28,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1322,"flows_notimeout":834,"flows_timeout":488,"flows_evicted":488,"flows_evicted_needs_work":55},"spare":10233,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":433,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":94,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":99,"nfs_udp":0,"krb5_udp":0,"failed_udp":132},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":47,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":103,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:16.377618+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:16.494612+0800","flow_id":1236702563378050,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":48173,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":218,"bytes_toclient":0,"start":"2023-07-22T08:50:44.943302+0800","end":"2023-07-22T08:50:44.943302+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:16.495409+0800","flow_id":1281443386274425,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":32800,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":136,"bytes_toclient":0,"start":"2023-07-22T08:50:44.953719+0800","end":"2023-07-22T08:50:44.953719+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:17.522566+0800","flow_id":1245865493443721,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50684,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:50:44.683291+0800","end":"2023-07-22T08:50:44.683291+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:17.523323+0800","flow_id":464347351270420,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"47.243.51.23","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:41.173650+0800","end":"2023-07-22T08:50:41.173650+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:18.071748+0800","flow_id":1715534081209168,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":44247,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":48958,"rrname":"incoming.telemetry.mozilla.org","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:18.072103+0800","flow_id":1717057195028817,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":46108,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":2301,"rrname":"incoming.telemetry.mozilla.org","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:18.120105+0800","flow_id":1923223298507383,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":39581,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":10394,"rrname":"prod.ingestion-edge.prod.dataops.mozgcp.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:18.145482+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:18.403085+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:18.441955+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:18.453361+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:18.457755+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:18.549638+0800","flow_id":1265730345362474,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50684,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:50:44.687916+0800","end":"2023-07-22T08:50:44.687916+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:18.550113+0800","flow_id":1269885772622294,"in_iface":"eth2","event_type":"flow","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51216,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:49:56.688884+0800","end":"2023-07-22T08:50:12.332286+0800","age":16,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:18.550808+0800","flow_id":223864158811903,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41896,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:08.052122+0800","end":"2023-07-22T08:50:15.500562+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:18.710523+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:18.712630+0800","flow_id":1934823722004447,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50686,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1704,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:19.183046+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:19.427862+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:19.464625+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:19.470447+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:19.578385+0800","flow_id":1335641998430673,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":48173,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":136,"bytes_toclient":0,"start":"2023-07-22T08:50:44.900802+0800","end":"2023-07-22T08:50:44.900802+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:20.607858+0800","flow_id":2234163687988963,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":5006,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:15.126965+0800","end":"2023-07-22T08:50:18.325987+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:21.202792+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:21.445832+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:21.481251+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:21.636378+0800","flow_id":1655909333419697,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59488,"dest_ip":"34.110.186.80","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:49.385546+0800","end":"2023-07-22T08:50:20.790617+0800","age":31,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:21.673748+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:21.770685+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:22.472856+0800","flow_id":108965559981607,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51220,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":3891209144,"tcpack":663151706,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:22.796161+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:23.261417+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:23.366007+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:23.450942+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:23.693101+0800","flow_id":1857747489824067,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":47490,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:50:46.891292+0800","end":"2023-07-22T08:50:46.891292+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:23.693881+0800","flow_id":1424636344049507,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":59484,"dest_ip":"34.110.186.80","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:49:49.135090+0800","end":"2023-07-22T08:50:20.534763+0800","age":31,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:23.898559+0800","event_type":"stats","stats":{"uptime":216,"capture":{"kernel_packets":4381,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":755575,"poll_signal":0,"poll_timeout":32852,"poll_data":722723,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4385,"bytes":1843063,"invalid":0,"ipv4":3715,"ipv6":45,"ethernet":4385,"arp":188,"unknown_ethertype":437,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1618,"udp":2093,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":420,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":538,"synack":1038,"rst":13,"active_sessions":29,"sessions":112,"ssn_memcap_drop":0,"ssn_from_cache":28,"ssn_from_pool":84,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701472,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":606,"active":103,"tcp":227,"udp":358,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":58,"flows_evicted_pkt_inject":58,"flows_evicted":3,"flows_injected":58,"flows_injected_max":1},"end":{"state":{"new":503,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":83,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":29,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1346,"flows_notimeout":847,"flows_timeout":499,"flows_evicted":499,"flows_evicted_needs_work":56},"spare":10243,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":443,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":96,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":103,"nfs_udp":0,"krb5_udp":0,"failed_udp":136},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":48,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":107,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:25.322785+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:25.370864+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:25.575920+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:25.731181+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:25.896747+0800","flow_id":1966043140742998,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41908,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1385340544,"tcpack":2505070645,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:26.733284+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:26.749554+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:27.381321+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:28.753900+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:28.830545+0800","flow_id":2052231745849949,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5006,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:15.346750+0800","end":"2023-07-22T08:50:24.657702+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:28.831219+0800","flow_id":1503134941597902,"in_iface":"eth2","event_type":"flow","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59484,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":0,"bytes_toserver":888,"bytes_toclient":0,"start":"2023-07-22T08:49:49.153367+0800","end":"2023-07-22T08:50:26.912254+0800","age":37,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:28.948192+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:29.339907+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:29.381216+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:29.593887+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:30.513482+0800","flow_id":856995445518221,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.237.239","src_port":443,"dest_ip":"192.168.0.177","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":181,"tos":0,"ttl":57,"ipid":39076,"tcpseq":692071303,"tcpack":3282604984,"tcpwin":272,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":true,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:30.887200+0800","flow_id":1027712472882354,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"203.9.150.169","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:59.173746+0800","end":"2023-07-22T08:50:59.173746+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:31.380980+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:31.907926+0800","event_type":"stats","stats":{"uptime":224,"capture":{"kernel_packets":4422,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":781551,"poll_signal":0,"poll_timeout":33788,"poll_data":747763,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4426,"bytes":1846138,"invalid":0,"ipv4":3740,"ipv6":45,"ethernet":4426,"arp":192,"unknown_ethertype":449,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1639,"udp":2097,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":417,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":546,"synack":1051,"rst":13,"active_sessions":30,"sessions":113,"ssn_memcap_drop":0,"ssn_from_cache":29,"ssn_from_pool":84,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701600,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":612,"active":106,"tcp":229,"udp":362,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":58,"flows_evicted_pkt_inject":58,"flows_evicted":3,"flows_injected":58,"flows_injected_max":1},"end":{"state":{"new":506,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":83,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":30,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1367,"flows_notimeout":863,"flows_timeout":504,"flows_evicted":504,"flows_evicted_needs_work":58},"spare":10246,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":446,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":100,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":103,"nfs_udp":0,"krb5_udp":0,"failed_udp":136},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":50,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":107,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:31.913374+0800","flow_id":746254526626943,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"205.189.160.58","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:58.173750+0800","end":"2023-07-22T08:50:58.173750+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:31.913916+0800","flow_id":1663449429556848,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51217,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:50:13.649446+0800","end":"2023-07-22T08:50:25.260924+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:31.913905+0800","flow_id":939037619768009,"in_iface":"eth1","event_type":"flow","src_ip":"fe80:0000:0000:0000:9a93:2853:5788:c411","dest_ip":"ff02:0000:0000:0000:0000:0000:0000:0002","proto":"IPv6-ICMP","icmp_type":133,"icmp_code":0,"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:50:59.873996+0800","end":"2023-07-22T08:50:59.873996+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:32.938259+0800","flow_id":1310840161422774,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":37845,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:51:00.829491+0800","end":"2023-07-22T08:51:00.829491+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:32.938928+0800","flow_id":1407314876027207,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.122","dest_port":37845,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:51:00.917490+0800","end":"2023-07-22T08:51:00.917490+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:32.939364+0800","flow_id":861632598824465,"in_iface":"eth2","event_type":"flow","src_ip":"203.9.150.169","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:59.200614+0800","end":"2023-07-22T08:50:59.200614+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:32.939770+0800","flow_id":1408049770191546,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51217,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:50:13.721053+0800","end":"2023-07-22T08:50:31.403602+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:32.940190+0800","flow_id":1481622634028862,"in_iface":"eth2","event_type":"flow","src_ip":"34.110.186.80","src_port":443,"dest_ip":"192.168.0.177","dest_port":59488,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":0,"bytes_toserver":888,"bytes_toclient":0,"start":"2023-07-22T08:49:49.410503+0800","end":"2023-07-22T08:50:27.190223+0800","age":38,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:33.006394+0800","flow_id":1451550880330932,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5018,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":3121307130,"tcpack":4218766096,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:33.219149+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1773169180,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:33.385221+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:33.513610+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":2380459254,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:33.770186+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1882463079,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:33.969072+0800","flow_id":1308784318281694,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"58.176.194.96","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:00.173653+0800","end":"2023-07-22T08:51:00.173653+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:33.969649+0800","flow_id":578605270566983,"in_iface":"eth2","event_type":"flow","src_ip":"205.189.160.58","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:50:58.200253+0800","end":"2023-07-22T08:50:58.200253+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:34.237431+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1773169180,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:35.404555+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:35.726933+0800","flow_id":1996256965101629,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50687,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1705,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:36.024971+0800","flow_id":1925991987303350,"in_iface":"eth2","event_type":"flow","src_ip":"45.125.1.20","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:02.186285+0800","end":"2023-07-22T08:51:02.186285+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:36.025602+0800","flow_id":1312162767328244,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.122","src_port":48098,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":98,"bytes_toclient":0,"start":"2023-07-22T08:51:00.829799+0800","end":"2023-07-22T08:51:00.829799+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:36.026086+0800","flow_id":1872126941813622,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.125.1.20","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:02.173744+0800","end":"2023-07-22T08:51:02.173744+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:36.026651+0800","flow_id":2086840111422399,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":38850,"dest_ip":"172.217.27.10","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:49:27.682488+0800","end":"2023-07-22T08:50:31.542217+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:36.249942+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1773169180,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:37.052136+0800","flow_id":464397903290486,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.1","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:05.173662+0800","end":"2023-07-22T08:51:05.173662+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:37.052837+0800","flow_id":182753610392776,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.82","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:04.173622+0800","end":"2023-07-22T08:51:04.173622+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:37.053452+0800","flow_id":1607172624903772,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50685,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:51:01.701879+0800","end":"2023-07-22T08:51:01.701879+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:37.054233+0800","flow_id":982656867005796,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":55332,"dest_ip":"34.231.233.183","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:27.949688+0800","end":"2023-07-22T08:50:30.970338+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:38.088068+0800","flow_id":1402781933733387,"in_iface":"eth2","event_type":"flow","src_ip":"58.176.194.96","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:00.195538+0800","end":"2023-07-22T08:51:00.195538+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:38.088620+0800","flow_id":317869850855315,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.1","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:05.205081+0800","end":"2023-07-22T08:51:05.205081+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:38.089257+0800","flow_id":1026905326522712,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"17.253.84.253","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:07.173559+0800","end":"2023-07-22T08:51:07.173559+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:38.089677+0800","flow_id":1407318989181346,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.122","dest_port":48098,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":301,"bytes_toclient":0,"start":"2023-07-22T08:51:00.917490+0800","end":"2023-07-22T08:51:00.917490+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:38.781000+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:39.119073+0800","flow_id":1915379873852704,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41900,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:30.380423+0800","end":"2023-07-22T08:50:33.472673+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:39.119214+0800","flow_id":1880846134132060,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":49516,"dest_ip":"192.168.0.255","dest_port":20002,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":1021,"bytes_toclient":0,"start":"2023-07-22T08:51:02.241310+0800","end":"2023-07-22T08:51:02.241310+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:39.197501+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":2843768669,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:39.297794+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":3012910168,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:39.298114+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":125621531,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:39.436608+0800","flow_id":495319232425438,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51221,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":1541994968,"tcpack":663961614,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:39.819522+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:39.913911+0800","event_type":"stats","stats":{"uptime":232,"capture":{"kernel_packets":4466,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":785975,"poll_signal":0,"poll_timeout":35200,"poll_data":750775,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4470,"bytes":1849744,"invalid":0,"ipv4":3763,"ipv6":45,"ethernet":4470,"arp":194,"unknown_ethertype":468,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1656,"udp":2103,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":413,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":552,"synack":1061,"rst":13,"active_sessions":28,"sessions":114,"ssn_memcap_drop":0,"ssn_from_cache":29,"ssn_from_pool":85,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701440,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":619,"active":90,"tcp":230,"udp":368,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":61,"flows_evicted_pkt_inject":61,"flows_evicted":3,"flows_injected":61,"flows_injected_max":1},"end":{"state":{"new":529,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":86,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":31,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1408,"flows_notimeout":881,"flows_timeout":527,"flows_evicted":527,"flows_evicted_needs_work":61},"spare":10266,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":466,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":104,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":104,"nfs_udp":0,"krb5_udp":0,"failed_udp":137},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":52,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":108,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:40.039049+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.054882+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.121827+0800","flow_id":41031871480689,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.82","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:04.206161+0800","end":"2023-07-22T08:51:04.206161+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:40.122019+0800","flow_id":1589604783277779,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50685,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:51:01.697788+0800","end":"2023-07-22T08:51:01.697788+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:40.146582+0800","flow_id":1141859199602750,"in_iface":"eth2","event_type":"flow","src_ip":"162.159.200.123","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:08.200323+0800","end":"2023-07-22T08:51:08.200323+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:40.147077+0800","flow_id":1107675017830064,"in_iface":"eth2","event_type":"flow","src_ip":"17.253.84.253","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:07.192364+0800","end":"2023-07-22T08:51:07.192364+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:40.217215+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":2843768669,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.239391+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.258770+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.326651+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":125621531,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.343719+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":3012910168,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.386865+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.441864+0800","flow_id":868701760663178,"in_iface":"eth2","event_type":"drop","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55318,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":229,"ipid":0,"tcpseq":1773169180,"tcpack":2578529475,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.453262+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.466663+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.654161+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:40.676810+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:41.063251+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:41.082298+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:41.175295+0800","flow_id":1619355892649053,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":35818,"dest_ip":"125.64.3.135","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:50:37.573643+0800","end":"2023-07-22T08:50:37.573643+0800","age":0,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:41.836043+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:41.836536+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:41.904994+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:41.910504+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:41.978497+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.007007+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.200281+0800","flow_id":2176554965214439,"in_iface":"eth2","event_type":"flow","src_ip":"172.217.27.10","src_port":443,"dest_ip":"192.168.0.177","dest_port":38850,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:49:27.703376+0800","end":"2023-07-22T08:50:37.961846+0800","age":70,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:42.201016+0800","flow_id":1397986505601020,"in_iface":"eth2","event_type":"flow","src_ip":"34.231.233.183","src_port":443,"dest_ip":"192.168.0.177","dest_port":55332,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:28.194422+0800","end":"2023-07-22T08:50:37.466476+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:42.201167+0800","flow_id":147802942090115,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":51524,"dest_ip":"52.22.124.11","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:32.951917+0800","end":"2023-07-22T08:50:35.990268+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:42.201022+0800","flow_id":1381371228005974,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":37780,"dest_ip":"94.74.90.89","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":148,"bytes_toclient":0,"start":"2023-07-22T08:50:36.387161+0800","end":"2023-07-22T08:50:40.390124+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:42.234140+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":2843768669,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.340761+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":125621531,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.382256+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.424553+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":3012910168,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.829452+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.829814+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:42.988109+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:43.189192+0800","flow_id":2219949525434524,"in_iface":"eth2","event_type":"drop","src_ip":"192.168.0.1","src_port":853,"dest_ip":"192.168.0.122","dest_port":58332,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":40,"tos":0,"ttl":64,"ipid":0,"tcpseq":0,"tcpack":3217478197,"tcpwin":0,"syn":false,"ack":true,"psh":false,"rst":true,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream error"}}
{"timestamp":"2023-07-22T08:51:43.228146+0800","flow_id":1684663964483586,"in_iface":"eth2","event_type":"flow","src_ip":"125.64.3.135","src_port":443,"dest_ip":"192.168.0.120","dest_port":35818,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:37.654385+0800","end":"2023-07-22T08:50:39.490092+0800","age":2,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:43.228761+0800","flow_id":1419482738870579,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":70,"bytes_toclient":0,"start":"2023-07-22T08:51:09.461571+0800","end":"2023-07-22T08:51:09.461571+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:43.229093+0800","flow_id":1620429575702435,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":58444,"dest_ip":"27.185.201.152","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":74,"bytes_toclient":0,"start":"2023-07-22T08:50:37.573893+0800","end":"2023-07-22T08:50:37.573893+0800","age":0,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:43.229221+0800","flow_id":1308859469941992,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"162.159.200.123","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:08.173670+0800","end":"2023-07-22T08:51:08.173670+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:43.229715+0800","flow_id":2001743231341268,"in_iface":"eth2","event_type":"flow","src_ip":"209.58.185.100","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:11.203923+0800","end":"2023-07-22T08:51:11.203923+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:43.230796+0800","flow_id":1976565552272597,"in_iface":"eth2","event_type":"flow","src_ip":"157.119.101.135","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:11.198061+0800","end":"2023-07-22T08:51:11.198061+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:43.231404+0800","flow_id":753626133976445,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":46020,"dest_ip":"13.250.129.249","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:34.896363+0800","end":"2023-07-22T08:50:37.942338+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:43.841197+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.005732+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.016892+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.051078+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.184980+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.255338+0800","flow_id":1417033897438064,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":5010,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:37.526536+0800","end":"2023-07-22T08:50:40.726041+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:44.255483+0800","flow_id":1541086710757797,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.100","dest_port":52905,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:51:09.489884+0800","end":"2023-07-22T08:51:09.489884+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:44.388844+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.860972+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:44.861215+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:45.037409+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:45.279461+0800","flow_id":1392348876209388,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":443,"dest_ip":"192.168.0.120","dest_port":49890,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:50:36.455253+0800","end":"2023-07-22T08:50:44.446314+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:45.279952+0800","flow_id":2153325624197553,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"209.58.185.100","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:11.173680+0800","end":"2023-07-22T08:51:11.173680+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:45.280656+0800","flow_id":1764273470278950,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41900,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:30.607384+0800","end":"2023-07-22T08:50:39.824483+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:45.281050+0800","flow_id":1686247874400345,"in_iface":"eth2","event_type":"flow","src_ip":"27.185.201.152","src_port":80,"dest_ip":"192.168.0.120","dest_port":58444,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:37.654754+0800","end":"2023-07-22T08:50:39.495327+0800","age":2,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:46.162746+0800","flow_id":698991525023017,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":4411,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":56844,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:46.163341+0800","flow_id":701545473097817,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":64723,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":4021,"rrname":"connectivitycheck.platform.hicloud.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:46.228049+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.297296+0800","flow_id":826691301414380,"in_iface":"eth2","event_type":"drop","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46016,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":238,"ipid":0,"tcpseq":2843768669,"tcpack":158863950,"tcpwin":26847,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.306291+0800","flow_id":2153322959970563,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"157.119.101.135","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:11.173679+0800","end":"2023-07-22T08:51:11.173679+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:46.306564+0800","flow_id":1443096625062455,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5010,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:37.729213+0800","end":"2023-07-22T08:50:45.132770+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:46.307100+0800","flow_id":1725451592443614,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51218,"dest_ip":"1.13.11.21","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:50:30.663882+0800","end":"2023-07-22T08:50:42.275610+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:46.307156+0800","flow_id":302835402847523,"in_iface":"eth2","event_type":"flow","src_ip":"52.22.124.11","src_port":443,"dest_ip":"192.168.0.177","dest_port":51524,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:33.201581+0800","end":"2023-07-22T08:50:42.424137+0800","age":9,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:46.370579+0800","flow_id":1101265006492717,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37190,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":125621531,"tcpack":3624496723,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.390758+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.401730+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:46.395167+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:46.514479+0800","flow_id":582950930813841,"in_iface":"eth2","event_type":"drop","src_ip":"13.224.2.108","src_port":443,"dest_ip":"192.168.0.177","dest_port":37178,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":242,"ipid":0,"tcpseq":3012910168,"tcpack":3404844620,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.595897+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.608619+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.803381+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.816366+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.854648+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:46.855055+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.010329+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.023064+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.334133+0800","flow_id":1383277500745350,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.120","src_port":49890,"dest_ip":"94.74.90.89","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":2,"pkts_toclient":0,"bytes_toserver":148,"bytes_toclient":0,"start":"2023-07-22T08:50:36.387605+0800","end":"2023-07-22T08:50:40.389829+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:47.419612+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.423579+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.432108+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.437193+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:47.920989+0800","event_type":"stats","stats":{"uptime":240,"capture":{"kernel_packets":4582,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":811718,"poll_signal":0,"poll_timeout":36578,"poll_data":775140,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4589,"bytes":1858932,"invalid":0,"ipv4":3858,"ipv6":45,"ethernet":4589,"arp":201,"unknown_ethertype":485,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1747,"udp":2107,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":405,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":581,"synack":1122,"rst":14,"active_sessions":25,"sessions":120,"ssn_memcap_drop":0,"ssn_from_cache":34,"ssn_from_pool":86,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701696,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":636,"active":85,"tcp":243,"udp":372,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":70,"flows_evicted_pkt_inject":70,"flows_evicted":3,"flows_injected":70,"flows_injected_max":1},"end":{"state":{"new":551,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":95,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":32,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1448,"flows_notimeout":901,"flows_timeout":547,"flows_evicted":547,"flows_evicted_needs_work":68},"spare":10279,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":479,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":104,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":106,"nfs_udp":0,"krb5_udp":0,"failed_udp":139},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":52,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":110,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:48.144921+0800","flow_id":1647397994192407,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.135","src_port":80,"dest_ip":"192.168.0.122","dest_port":42314,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":57748291,"tcpack":2889355390,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:48.155730+0800","flow_id":1547136435285823,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":443,"dest_ip":"192.168.0.122","dest_port":58490,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":36,"ipid":0,"tcpseq":2480414618,"tcpack":520908158,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:48.237309+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:48.384904+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:48.898351+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.158803+0800","flow_id":1526480035845891,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":19323,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":56682,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:49.158803+0800","flow_id":1526479663367539,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.120","src_port":4703,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":44636,"rrname":"connectivitycheck.cbg-app.huawei.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:49.187190+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.248643+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:49.275739+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:49.393688+0800","flow_id":740022580030684,"in_iface":"eth2","event_type":"flow","src_ip":"13.250.129.249","src_port":443,"dest_ip":"192.168.0.177","dest_port":46020,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:34.958731+0800","end":"2023-07-22T08:50:44.094708+0800","age":10,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:49.393777+0800","flow_id":2171885679880507,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":36198,"dest_ip":"52.74.242.21","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:39.898897+0800","end":"2023-07-22T08:50:42.937917+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:49.425763+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":35,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.442412+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.649155+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1945322588,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.892473+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":5934004,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:49.948607+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1945322588,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.192600+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":5934004,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.257957+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.272193+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:50.275461+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.285814+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.390444+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.421018+0800","flow_id":1393275910958882,"in_iface":"eth2","event_type":"flow","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.120","dest_port":37780,"proto":"TCP","flow":{"pkts_toserver":5,"pkts_toclient":0,"bytes_toserver":370,"bytes_toclient":0,"start":"2023-07-22T08:50:36.455469+0800","end":"2023-07-22T08:50:44.509177+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:50.421413+0800","flow_id":1934823722004447,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50686,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:51:18.712630+0800","end":"2023-07-22T08:51:18.712630+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:50.421862+0800","flow_id":1717057195028817,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":46108,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:18.072103+0800","end":"2023-07-22T08:51:18.072103+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:50.936065+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:50.936378+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.278807+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.278808+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.293001+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.446033+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.461353+0800","flow_id":438765623793537,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":54166,"dest_ip":"142.250.207.78","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:49:45.757518+0800","end":"2023-07-22T08:50:49.973950+0800","age":64,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:51.461705+0800","flow_id":1727790442968360,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50686,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:51:18.729962+0800","end":"2023-07-22T08:51:18.729962+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:51.468384+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:51.965105+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1945322588,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.257275+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":5934004,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.269840+0800","flow_id":1710623197205575,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41912,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":49,"ipid":0,"tcpseq":730218648,"tcpack":3574623148,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.303712+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.316275+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.427465+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:52.489240+0800","flow_id":1942114698886875,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":39581,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":103,"bytes_toclient":0,"start":"2023-07-22T08:51:18.124503+0800","end":"2023-07-22T08:51:18.124503+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:52.491191+0800","flow_id":139325053837992,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":46004,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":50543,"rrname":"push.services.mozilla.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:52.491564+0800","flow_id":140927140910524,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":54852,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":3714,"rrname":"push.services.mozilla.com","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:52.602502+0800","flow_id":54452111014913,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":50481,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":51919,"rrname":"autopush.prod.mozaws.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:52.618793+0800","flow_id":124425102161270,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.177","src_port":35053,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":943,"rrname":"autopush.prod.mozaws.net","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:52.650467+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:52.741743+0800","flow_id":89540196956872,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50688,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1706,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:52.896940+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:52.955980+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:53.198923+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:53.292841+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:53.470868+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:53.521092+0800","flow_id":1715534081209168,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":44247,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:18.071748+0800","end":"2023-07-22T08:51:18.071748+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:53.667399+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:53.925263+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:54.322595+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:54.334703+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:54.546118+0800","flow_id":1912544542577259,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":46108,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":296,"bytes_toclient":0,"start":"2023-07-22T08:51:18.117618+0800","end":"2023-07-22T08:51:18.117618+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:54.547148+0800","flow_id":596824909012909,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":54172,"dest_ip":"142.250.207.78","dest_port":443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":518,"bytes_toclient":0,"start":"2023-07-22T08:49:46.007887+0800","end":"2023-07-22T08:50:49.973950+0800","age":63,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:51:54.799799+0800","flow_id":620361258430783,"in_iface":"eth2","event_type":"drop","src_ip":"203.205.254.125","src_port":443,"dest_ip":"192.168.0.120","dest_port":37790,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":209,"tos":104,"ttl":54,"ipid":6874,"tcpseq":2361333913,"tcpack":54125386,"tcpwin":161,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:54.978368+0800","flow_id":1622573538848590,"in_iface":"eth2","event_type":"drop","src_ip":"94.74.90.89","src_port":80,"dest_ip":"192.168.0.122","dest_port":40586,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":52,"ipid":0,"tcpseq":2642364026,"tcpack":2949673831,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.185422+0800","flow_id":1620453121529643,"in_iface":"eth2","event_type":"drop","src_ip":"159.138.85.194","src_port":443,"dest_ip":"192.168.0.122","dest_port":37900,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":52,"tos":0,"ttl":45,"ipid":0,"tcpseq":772087672,"tcpack":1447924325,"tcpwin":29200,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.539596+0800","flow_id":599518166685813,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.120","dest_port":36306,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2811380237,"tcpack":573816759,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.543452+0800","flow_id":571330694600468,"in_iface":"eth2","event_type":"drop","src_ip":"125.64.3.134","src_port":80,"dest_ip":"192.168.0.120","dest_port":41304,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":37,"ipid":0,"tcpseq":3162578752,"tcpack":3207562450,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.575953+0800","flow_id":2118420715791681,"in_iface":"eth2","event_type":"flow","src_ip":"52.74.242.21","src_port":443,"dest_ip":"192.168.0.177","dest_port":36198,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:39.951985+0800","end":"2023-07-22T08:50:47.184875+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:55.576788+0800","flow_id":1841215407520218,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.177","dest_port":44247,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:51:18.101011+0800","end":"2023-07-22T08:51:18.101011+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:55.577302+0800","flow_id":1923223298507383,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.177","src_port":39581,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":103,"bytes_toclient":0,"start":"2023-07-22T08:51:18.120105+0800","end":"2023-07-22T08:51:18.120105+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:55.682884+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.700152+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.793785+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:55.930680+0800","event_type":"stats","stats":{"uptime":248,"capture":{"kernel_packets":4677,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":828990,"poll_signal":0,"poll_timeout":37485,"poll_data":791505,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4685,"bytes":1866604,"invalid":0,"ipv4":3937,"ipv6":45,"ethernet":4685,"arp":205,"unknown_ethertype":498,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1810,"udp":2123,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":45,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":398,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":605,"synack":1161,"rst":14,"active_sessions":28,"sessions":125,"ssn_memcap_drop":0,"ssn_from_cache":39,"ssn_from_pool":86,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9701984,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":662,"active":95,"tcp":253,"udp":388,"icmpv4":2,"icmpv6":19,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":72,"flows_evicted_pkt_inject":72,"flows_evicted":3,"flows_injected":72,"flows_injected_max":1},"end":{"state":{"new":567,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":97,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":33,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1496,"flows_notimeout":931,"flows_timeout":565,"flows_evicted":565,"flows_evicted_needs_work":72},"spare":10293,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":493,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":106,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":113,"nfs_udp":0,"krb5_udp":0,"failed_udp":146},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":53,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":117,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:51:55.950459+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.962346+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:55.996124+0800","flow_id":1750744509440145,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1945322588,"tcpack":859035198,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:56.288700+0800","flow_id":1731240024006489,"in_iface":"eth2","event_type":"drop","src_ip":"34.120.208.123","src_port":443,"dest_ip":"192.168.0.177","dest_port":45340,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":5934004,"tcpack":1910857664,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:56.338410+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:56.349479+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:56.458417+0800","flow_id":821096777727328,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51222,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":323736269,"tcpack":664771590,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:56.602316+0800","flow_id":1717558841379171,"in_iface":"eth2","event_type":"flow","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51218,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:50:30.727580+0800","end":"2023-07-22T08:50:48.383877+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:56.603042+0800","flow_id":1590510879774251,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.3","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:25.173711+0800","end":"2023-07-22T08:51:25.173711+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:56.603495+0800","flow_id":464395792554133,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"119.28.230.190","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:21.173661+0800","end":"2023-07-22T08:51:21.173661+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:56.844554+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.097551+0800","flow_id":1544879807271804,"in_iface":"eth2","event_type":"drop","src_ip":"218.12.76.158","src_port":80,"dest_ip":"192.168.0.122","dest_port":44338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":44,"ipid":0,"tcpseq":1902281446,"tcpack":421031897,"tcpwin":26960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:57.104067+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:51:57.298112+0800","flow_id":1544879807271804,"in_iface":"eth2","event_type":"drop","src_ip":"218.12.76.158","src_port":80,"dest_ip":"192.168.0.122","dest_port":44338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":44,"ipid":0,"tcpseq":1902281446,"tcpack":421031897,"tcpwin":26960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.308837+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.397670+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.506795+0800","flow_id":1544879807271804,"in_iface":"eth2","event_type":"drop","src_ip":"218.12.76.158","src_port":80,"dest_ip":"192.168.0.122","dest_port":44338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":44,"ipid":0,"tcpseq":1902281446,"tcpack":421031897,"tcpwin":26960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.518852+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.583560+0800","flow_id":1732010161339554,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5022,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":1934049491,"tcpack":1277741443,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.629740+0800","flow_id":688745750283095,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54172,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:49:46.029289+0800","end":"2023-07-22T08:50:56.395651+0800","age":70,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:51:57.712816+0800","flow_id":1544879807271804,"in_iface":"eth2","event_type":"drop","src_ip":"218.12.76.158","src_port":80,"dest_ip":"192.168.0.122","dest_port":44338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":44,"ipid":0,"tcpseq":1902281446,"tcpack":421031897,"tcpwin":26960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:57.726407+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.117520+0800","flow_id":1544879807271804,"in_iface":"eth2","event_type":"drop","src_ip":"218.12.76.158","src_port":80,"dest_ip":"192.168.0.122","dest_port":44338,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":44,"ipid":0,"tcpseq":1902281446,"tcpack":421031897,"tcpwin":26960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.133884+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.137125+0800","flow_id":1572867919914056,"in_iface":"eth2","event_type":"drop","src_ip":"27.185.201.156","src_port":443,"dest_ip":"192.168.0.122","dest_port":56372,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":38,"ipid":0,"tcpseq":2372652403,"tcpack":4009297641,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.343653+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.355358+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:58.659550+0800","flow_id":1432058608308781,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.3","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:25.202355+0800","end":"2023-07-22T08:51:25.202355+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:58.659947+0800","flow_id":338427277891905,"in_iface":"eth2","event_type":"flow","src_ip":"119.28.230.190","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:21.209868+0800","end":"2023-07-22T08:51:21.209868+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:51:59.398565+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:59.462615+0800","flow_id":1986916638148915,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.100","src_port":52905,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":16624,"rrname":"bing.com","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:51:59.718375+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:59.880932+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1347269371,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:51:59.983633+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:00.137542+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":901147621,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:00.714190+0800","flow_id":1309069126576063,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"118.143.17.83","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:24.173719+0800","end":"2023-07-22T08:51:24.173719+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:00.715152+0800","flow_id":2069481408213990,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":51219,"dest_ip":"146.56.252.164","dest_port":50443,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":0,"bytes_toserver":434,"bytes_toclient":0,"start":"2023-07-22T08:50:47.678446+0800","end":"2023-07-22T08:50:59.290322+0800","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:52:01.399363+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:01.741285+0800","flow_id":547589840879800,"in_iface":"eth2","event_type":"flow","src_ip":"142.250.207.78","src_port":443,"dest_ip":"192.168.0.177","dest_port":54166,"proto":"TCP","flow":{"pkts_toserver":16,"pkts_toclient":0,"bytes_toserver":1184,"bytes_toclient":0,"start":"2023-07-22T08:49:45.782855+0800","end":"2023-07-22T08:50:56.348347+0800","age":71,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:52:01.742094+0800","flow_id":1142255531252630,"in_iface":"eth2","event_type":"flow","src_ip":"118.143.17.83","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:24.200416+0800","end":"2023-07-22T08:51:24.200416+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:02.354381+0800","flow_id":1630864489372632,"in_iface":"eth2","event_type":"drop","src_ip":"121.36.117.98","src_port":80,"dest_ip":"192.168.0.120","dest_port":37406,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":41,"ipid":0,"tcpseq":3030632440,"tcpack":812202683,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:02.365740+0800","flow_id":1465767367040542,"in_iface":"eth2","event_type":"drop","src_ip":"49.4.45.202","src_port":443,"dest_ip":"192.168.0.120","dest_port":38196,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":39,"ipid":0,"tcpseq":2657603506,"tcpack":3595807456,"tcpwin":28960,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:02.767325+0800","flow_id":1663378054309376,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":41904,"dest_ip":"185.125.188.132","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:50:53.780501+0800","end":"2023-07-22T08:50:56.939303+0800","age":3,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:52:03.424765+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:03.796400+0800","flow_id":1440770410880709,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41904,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:50:53.990815+0800","end":"2023-07-22T08:51:01.326312+0800","age":8,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:52:03.938572+0800","event_type":"stats","stats":{"uptime":256,"capture":{"kernel_packets":4773,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":837330,"poll_signal":0,"poll_timeout":38878,"poll_data":798452,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4776,"bytes":1873508,"invalid":0,"ipv4":4002,"ipv6":47,"ethernet":4776,"arp":211,"unknown_ethertype":516,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1871,"udp":2127,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":47,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":392,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":624,"synack":1202,"rst":14,"active_sessions":28,"sessions":128,"ssn_memcap_drop":0,"ssn_from_cache":42,"ssn_from_pool":86,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702144,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":675,"active":92,"tcp":260,"udp":392,"icmpv4":2,"icmpv6":21,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":75,"flows_evicted_pkt_inject":75,"flows_evicted":3,"flows_injected":75,"flows_injected_max":1},"end":{"state":{"new":583,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":100,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":34,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1540,"flows_notimeout":959,"flows_timeout":581,"flows_evicted":581,"flows_evicted_needs_work":75},"spare":10306,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":506,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":107,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":114,"nfs_udp":0,"krb5_udp":0,"failed_udp":148},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":54,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":118,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:52:05.419987+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:07.418885+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:07.521201+0800","flow_id":2238542067916551,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41916,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4063179404,"tcpack":3492452640,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:52:07.912483+0800","flow_id":1169047228552233,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":5014,"dest_ip":"185.125.188.133","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":222,"bytes_toclient":0,"start":"2023-07-22T08:51:00.993086+0800","end":"2023-07-22T08:51:04.192479+0800","age":4,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"12","tcp_flags_ts":"12","tcp_flags_tc":"00","syn":true,"ack":true,"state":"syn_sent","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-07-22T08:52:08.088655+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1190788618,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:08.334557+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3917980625,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:08.393715+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1190788618,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:08.529807+0800","flow_id":2238542067916551,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41916,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4063179404,"tcpack":3492452640,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:08.643543+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3917980625,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:08.942841+0800","flow_id":11831215179944,"in_iface":"eth2","event_type":"flow","src_ip":"45.11.104.223","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:36.199362+0800","end":"2023-07-22T08:51:36.199362+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:08.943347+0800","flow_id":1872081761523134,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"223.255.185.2","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:34.173734+0800","end":"2023-07-22T08:51:34.173734+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:09.453898+0800","flow_id":876009007334561,"in_iface":"eth2","event_type":"drop","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51223,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":0,"ttl":42,"ipid":0,"tcpseq":1800289332,"tcpack":665581634,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:09.544315+0800","flow_id":2238542067916551,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41916,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4063179404,"tcpack":3492452640,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:09.755935+0800","flow_id":431969841289798,"in_iface":"eth1","event_type":"dns","src_ip":"192.168.0.170","src_port":50689,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"type":"query","id":1707,"rrname":"devs-pe.tplinkcloud.com.cn","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2023-07-22T08:52:09.972867+0800","flow_id":2013482334547414,"in_iface":"eth2","event_type":"flow","src_ip":"192.168.0.1","src_port":53,"dest_ip":"192.168.0.170","dest_port":50687,"proto":"UDP","app_proto":"failed","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":164,"bytes_toclient":0,"start":"2023-07-22T08:51:35.730944+0800","end":"2023-07-22T08:51:35.730944+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:10.425949+0800","flow_id":260462486659709,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45058,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":1190788618,"tcpack":713768312,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:10.675868+0800","flow_id":193156069232336,"in_iface":"eth2","event_type":"drop","src_ip":"34.117.65.55","src_port":443,"dest_ip":"192.168.0.177","dest_port":45066,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":57,"ipid":0,"tcpseq":3917980625,"tcpack":198160116,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:10.750413+0800","flow_id":2238542067916551,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41916,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4063179404,"tcpack":3492452640,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:10.994212+0800","flow_id":1996256965101629,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.170","src_port":50687,"dest_ip":"192.168.0.1","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":86,"bytes_toclient":0,"start":"2023-07-22T08:51:35.726933+0800","end":"2023-07-22T08:51:35.726933+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:11.945821+0800","event_type":"stats","stats":{"uptime":264,"capture":{"kernel_packets":4833,"kernel_drops":0,"errors":0,"afpacket":{"busy_loop_avg":1,"polls":842022,"poll_signal":0,"poll_timeout":40276,"poll_data":801746,"poll_errors":0,"send_errors":0}},"decoder":{"pkts":4837,"bytes":1878210,"invalid":0,"ipv4":4036,"ipv6":48,"ethernet":4837,"arp":219,"unknown_ethertype":534,"chdlc":0,"raw":0,"null":0,"sll":0,"tcp":1893,"udp":2139,"sctp":0,"esp":0,"icmpv4":4,"icmpv6":48,"ppp":0,"pppoe":0,"geneve":0,"gre":0,"vlan":0,"vlan_qinq":0,"vlan_qinqinq":0,"vxlan":0,"vntag":0,"ieee8021ah":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":388,"max_pkt_size":1399,"max_mac_addrs_src":0,"max_mac_addrs_dst":0,"erspan":0,"nsh":0,"event":{"ipv4":{"pkt_too_small":0,"hlen_too_small":0,"iplen_smaller_than_hlen":0,"trunc_pkt":0,"opt_invalid":0,"opt_invalid_len":0,"opt_malformed":0,"opt_pad_required":0,"opt_eol_required":0,"opt_duplicate":0,"opt_unknown":0,"wrong_ip_version":0,"icmpv6":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_ignored":0},"icmpv4":{"pkt_too_small":0,"unknown_type":0,"unknown_code":0,"ipv4_trunc_pkt":0,"ipv4_unknown_ver":0},"icmpv6":{"unknown_type":0,"unknown_code":0,"pkt_too_small":0,"ipv6_unknown_version":0,"ipv6_trunc_pkt":0,"mld_message_with_invalid_hl":0,"unassigned_type":0,"experimentation_type":0},"ipv6":{"pkt_too_small":0,"trunc_pkt":0,"trunc_exthdr":0,"exthdr_dupl_fh":0,"exthdr_useless_fh":0,"exthdr_dupl_rh":0,"exthdr_dupl_hh":0,"exthdr_dupl_dh":0,"exthdr_dupl_ah":0,"exthdr_dupl_eh":0,"exthdr_invalid_optlen":0,"wrong_ip_version":0,"exthdr_ah_res_not_null":0,"hopopts_unknown_opt":0,"hopopts_only_padding":0,"dstopts_unknown_opt":0,"dstopts_only_padding":0,"rh_type_0":0,"zero_len_padn":10,"fh_non_zero_reserved_field":0,"data_after_none_header":0,"unknown_next_header":0,"icmpv4":0,"frag_pkt_too_large":0,"frag_overlap":0,"frag_invalid_length":0,"frag_ignored":0,"ipv4_in_ipv6_too_small":0,"ipv4_in_ipv6_wrong_version":0,"ipv6_in_ipv6_too_small":0,"ipv6_in_ipv6_wrong_version":0},"tcp":{"pkt_too_small":0,"hlen_too_small":0,"invalid_optlen":0,"opt_invalid_len":0,"opt_duplicate":0},"udp":{"pkt_too_small":0,"hlen_too_small":0,"hlen_invalid":0,"len_invalid":0},"sll":{"pkt_too_small":0},"ethernet":{"pkt_too_small":0},"ppp":{"pkt_too_small":0,"vju_pkt_too_small":0,"ip4_pkt_too_small":0,"ip6_pkt_too_small":0,"wrong_type":0,"unsup_proto":0},"pppoe":{"pkt_too_small":0,"wrong_code":0,"malformed_tags":0},"gre":{"pkt_too_small":0,"wrong_version":0,"version0_recur":0,"version0_flags":0,"version0_hdr_too_big":0,"version0_malformed_sre_hdr":0,"version1_chksum":0,"version1_route":0,"version1_ssr":0,"version1_recur":0,"version1_flags":0,"version1_no_key":0,"version1_wrong_protocol":0,"version1_malformed_sre_hdr":0,"version1_hdr_too_big":0},"vlan":{"header_too_small":0,"unknown_type":0,"too_many_layers":0},"ieee8021ah":{"header_too_small":0},"vntag":{"header_too_small":0,"unknown_type":0},"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"sctp":{"pkt_too_small":0},"esp":{"pkt_too_small":0},"mpls":{"header_too_small":0,"pkt_too_small":0,"bad_label_router_alert":0,"bad_label_implicit_null":0,"bad_label_reserved":0,"unknown_payload_type":0},"vxlan":{"unknown_payload_type":0},"geneve":{"unknown_payload_type":0},"erspan":{"header_too_small":0,"unsupported_version":0,"too_many_vlan_layers":0},"dce":{"pkt_too_small":0},"chdlc":{"pkt_too_small":0},"nsh":{"header_too_small":0,"unsupported_version":0,"bad_header_length":0,"reserved_type":0,"unsupported_type":0,"unknown_payload":0}},"too_many_layers":0},"tcp":{"syn":632,"synack":1216,"rst":14,"active_sessions":28,"sessions":129,"ssn_memcap_drop":0,"ssn_from_cache":43,"ssn_from_pool":86,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"midstream_pickups":0,"pkt_on_wrong_thread":0,"ack_unseen_data":0,"segment_memcap_drop":0,"segment_from_cache":0,"segment_from_pool":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"memuse":9702208,"reassembly_memuse":1835008},"flow":{"memcap":0,"total":690,"active":105,"tcp":262,"udp":404,"icmpv4":2,"icmpv6":22,"tcp_reuse":0,"get_used":0,"get_used_eval":0,"get_used_eval_reject":0,"get_used_eval_busy":0,"get_used_failed":0,"wrk":{"spare_sync_avg":100,"spare_sync":16,"spare_sync_incomplete":0,"spare_sync_empty":0,"flows_evicted_needs_work":76,"flows_evicted_pkt_inject":76,"flows_evicted":3,"flows_injected":76,"flows_injected_max":1},"end":{"state":{"new":585,"established":0,"closed":0,"local_bypassed":0,"capture_bypassed":0},"tcp_state":{"none":0,"syn_sent":101,"syn_recv":0,"established":0,"fin_wait1":0,"fin_wait2":0,"time_wait":0,"last_ack":0,"close_wait":0,"closing":0,"closed":0},"tcp_liberal":0},"mgr":{"full_hash_pass":35,"rows_per_sec":9175,"rows_maxlen":1,"flows_checked":1558,"flows_notimeout":975,"flows_timeout":583,"flows_evicted":583,"flows_evicted_needs_work":76},"spare":10307,"emerg_mode_entered":0,"emerg_mode_over":0,"recycler":{"recycled":507,"queue_avg":0,"queue_max":8},"memuse":9757056},"defrag":{"ipv4":{"fragments":0,"reassembled":0},"ipv6":{"fragments":0,"reassembled":0},"max_frag_hits":0},"flow_bypassed":{"local_pkts":0,"local_bytes":0,"local_capture_pkts":0,"local_capture_bytes":0,"closed":0,"pkts":0,"bytes":0},"detect":{"engines":[{"id":0,"last_reload":"2023-07-22T08:48:19.683760+0800","rules_loaded":33918,"rules_failed":0}],"alert":0,"alert_queue_overflow":0,"alerts_suppressed":0},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":117,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":4,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":115,"nfs_udp":0,"krb5_udp":0,"failed_udp":149},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"nfs_tcp":0,"ntp":59,"ftp-data":0,"tftp":0,"ike":0,"krb5_tcp":0,"quic":19,"dhcp":12,"snmp":0,"sip":0,"rfb":0,"mqtt":0,"telnet":0,"rdp":0,"http2":0,"bittorrent-dht":0,"dcerpc_udp":0,"dns_udp":119,"nfs_udp":0,"krb5_udp":0},"error":{"http":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"smtp":{"gap":0,"alloc":0,"parser":0,"internal":0},"tls":{"gap":0,"alloc":0,"parser":0,"internal":0},"ssh":{"gap":0,"alloc":0,"parser":0,"internal":0},"imap":{"gap":0,"alloc":0,"parser":0,"internal":0},"smb":{"gap":0,"alloc":0,"parser":0,"internal":0},"dcerpc_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"dns_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"nfs_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ntp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ftp-data":{"gap":0,"alloc":0,"parser":0,"internal":0},"tftp":{"gap":0,"alloc":0,"parser":0,"internal":0},"ike":{"gap":0,"alloc":0,"parser":0,"internal":0},"krb5_tcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"quic":{"gap":0,"alloc":0,"parser":0,"internal":0},"dhcp":{"gap":0,"alloc":0,"parser":0,"internal":0},"snmp":{"gap":0,"alloc":0,"parser":0,"internal":0},"sip":{"gap":0,"alloc":0,"parser":0,"internal":0},"rfb":{"gap":0,"alloc":0,"parser":0,"internal":0},"mqtt":{"gap":0,"alloc":0,"parser":0,"internal":0},"telnet":{"gap":0,"alloc":0,"parser":0,"internal":0},"rdp":{"gap":0,"alloc":0,"parser":0,"internal":0},"http2":{"gap":0,"alloc":0,"parser":0,"internal":0},"bittorrent-dht":{"gap":0,"alloc":0,"parser":0,"internal":0},"failed_tcp":{"gap":0},"dcerpc_udp":{"alloc":0,"parser":0,"internal":0},"dns_udp":{"alloc":0,"parser":0,"internal":0},"nfs_udp":{"alloc":0,"parser":0,"internal":0},"krb5_udp":{"alloc":0,"parser":0,"internal":0}},"expectations":0},"http":{"memuse":0,"memcap":0},"ftp":{"memuse":0,"memcap":0},"file_store":{"open_files":0}}}
{"timestamp":"2023-07-22T08:52:12.022547+0800","flow_id":1712184254210818,"in_iface":"eth2","event_type":"flow","src_ip":"223.255.185.2","src_port":123,"dest_ip":"192.168.0.200","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:34.202040+0800","end":"2023-07-22T08:51:34.202040+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:12.745188+0800","flow_id":2238542067916551,"in_iface":"eth2","event_type":"drop","src_ip":"185.125.188.132","src_port":80,"dest_ip":"192.168.0.200","dest_port":41916,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":60,"tos":0,"ttl":47,"ipid":0,"tcpseq":4063179404,"tcpack":3492452640,"tcpwin":62230,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"flow drop"}}
{"timestamp":"2023-07-22T08:52:12.818475+0800","flow_id":1263527795631432,"in_iface":"eth2","event_type":"drop","src_ip":"1.13.11.21","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51224,"proto":"TCP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":136,"ttl":42,"ipid":0,"tcpseq":599986344,"tcpack":666391746,"tcpwin":65535,"syn":true,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0,"reason":"stream midstream"}}
{"timestamp":"2023-07-22T08:52:13.023027+0800","flow_id":183272768614450,"in_iface":"eth1","event_type":"flow","src_ip":"192.168.0.200","src_port":123,"dest_ip":"45.11.104.223","dest_port":123,"proto":"UDP","app_proto":"ntp","flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":90,"bytes_toclient":0,"start":"2023-07-22T08:51:36.173743+0800","end":"2023-07-22T08:51:36.173743+0800","age":0,"state":"new","reason":"timeout","alerted":false}}
{"timestamp":"2023-07-22T08:52:13.023505+0800","flow_id":2037878156113352,"in_iface":"eth2","event_type":"flow","src_ip":"146.56.252.164","src_port":50443,"dest_ip":"192.168.0.170","dest_port":51219,"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":0,"bytes_toserver":620,"bytes_toclient":0,"start":"2023-07-22T08:50:47.736624+0800","end":"2023-07-22T08:51:05.385144+0800","age":18,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}
{"timestamp":"2023-07-22T08:52:13.049581+0800","flow_id":1458255441584404,"in_iface":"eth2","event_type":"flow","src_ip":"185.125.188.133","src_port":80,"dest_ip":"192.168.0.200","dest_port":5014,"proto":"TCP","flow":{"pkts_toserver":6,"pkts_toclient":0,"bytes_toserver":444,"bytes_toclient":0,"start":"2023-07-22T08:51:01.208454+0800","end":"2023-07-22T08:51:08.439312+0800","age":7,"state":"new","reason":"timeout","alerted":false,"action":"drop"},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}